ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CodeBuddy CLI for OpenClaw

CodeBuddy Code CLI installation, configuration and usage guide. CodeBuddy Code is Tencent's AI-powered CLI programming assistant supporting natural language driven development. - MANDATORY TRIGGERS: CodeBuddy, codebuddy, AI CLI, Tencent AI coding, @tencent-ai/codebuddy-code, terminal AI assistant - Use when: installing CodeBuddy CLI, configuring CodeBuddy, using CodeBuddy commands, troubleshooting CodeBuddy issues

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 2.3k · 7 current installs · 7 all-time installs
byJiayu@pmwalkercao
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the SKILL.md content: it documents installing and using an npm package (@tencent-ai/codebuddy-code). There are no unrelated requirements (no unexpected env vars or binaries).
Instruction Scope
Instructions stay within expected bounds (installation, CLI usage, config paths like ~/.codebuddy and project .codebuddy). The doc documents a dangerous CLI flag (--dangerously-skip-permissions) that can allow file operations when used; the skill itself warns against its use. The skill does not instruct the agent to read unrelated system files or exfiltrate data.
Install Mechanism
This is instruction-only (no install spec embedded). It recommends installing from npm (npm install -g @tencent-ai/codebuddy-code), which is an expected and commonly used distribution channel; that is moderate-risk in general but appropriate for a CLI guide. No arbitrary download URLs or archive extraction are present in the skill contents.
Credentials
The skill declares no required environment variables and doesn't request credentials. It mentions interactive login methods (Google/GitHub/WeChat) which is expected for a CLI that uses online AI services; those credentials are not requested by the skill package itself. This is proportionate to the documented purpose.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and has no install-time persistence. It documents creating user-level config and custom command files (~/.codebuddy and project .codebuddy), which is normal for a CLI.
Assessment
This skill is a documentation-only guide, not an installer. Before following the npm install steps: 1) verify the package name and publisher on the npm registry (npm view @tencent-ai/codebuddy-code) and confirm it is an official Tencent/expected maintainer; 2) prefer inspecting the package (and its postinstall scripts) or doing a local install in a sandbox before installing globally; 3) never use the --dangerously-skip-permissions flag in production or on sensitive repositories; 4) review any custom commands placed in ~/.codebuddy or project .codebuddy for secrets or unsafe scripts; and 5) avoid running installs as root and use npm audit / inspect the package source (GitHub) when source/homepage is unknown.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk979c6phfk0jzznmxff6na9bk580gzt5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

CodeBuddy CLI Skill

AI-powered terminal programming assistant from Tencent.

Installation

# Check prerequisites
node -v  # Requires Node.js 18+
npm -v

# Install globally
npm install -g @tencent-ai/codebuddy-code

# Verify
codebuddy --version

Quick Start

  1. Navigate to project directory
  2. Run codebuddy to start interactive session
  3. Choose login method:
    • Google/GitHub: International version (Gemini, GPT models)
    • WeChat (微信): China version (DeepSeek models)

CLI Arguments

ArgumentDescription
codebuddy "<prompt>"Execute single task
-y / --dangerously-skip-permissionsSkip permission confirmations (sandbox only)
-p / --printSingle execution mode (requires -y for file ops)
--permission-mode <mode>acceptEdits, bypassPermissions, default, plan
--versionShow version

Examples

# Interactive mode
codebuddy

# Single task
codebuddy "帮我优化这个函数的性能"
codebuddy "生成这个 API 的单元测试"
codebuddy "检查这次提交的代码质量"

# Skip permissions (sandbox only)
codebuddy -p "Review code quality" -y

Slash Commands

CommandDescription
/helpDisplay available commands
/statusShow account info and current model
/loginSwitch accounts
/logoutSign out
/clearReset conversation history
/exitEnd session
/configOpen configuration
/doctorDiagnose issues
/costToken usage statistics
/initGenerate CODEBUDDY.md project guide
/memoryEdit project memory files

Type ? during session for keyboard shortcuts.

Custom Commands

Create .md files in:

  • Project: .codebuddy/commands/
  • Global: ~/.codebuddy/commands/

Update

npm install -g @tencent-ai/codebuddy-code

Security Notes

--dangerously-skip-permissions risks: file deletion, scope creep, data loss. Never use in production.

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…