ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

dify-code-interpreter

解释任意编程语言代码的语法、逻辑、用途与实现细节,支持多种语言并返回结构化说明。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 668 · 5 current installs · 5 all-time installs
by@zhangwp1
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md documents required configuration parameters (dify_base_url, api_key, chatflow_name) and runtime dependencies (Python, requests). The registry metadata claims no required env vars, no credentials, and no install steps. That mismatch means the manifest does not truthfully describe what the skill needs to operate.
!
Instruction Scope
The instructions say the skill sends code to a Dify chatflow (and references Ollama/qwen3 and a private knowledge base). Sending arbitrary code snippets to an external service may leak sensitive code or secrets. The SKILL.md does not explicitly constrain what inputs are safe to send or instruct the agent to avoid including secrets in submitted code.
Install Mechanism
There is no install spec (instruction-only), which limits on-disk changes. However, the SKILL.md lists runtime requirements (Python 3.8+, requests>=2.31.0) but provides no official install instructions — that disconnect is a documentation/packaging inconsistency to be resolved.
!
Credentials
The SKILL.md requires an API key and base URL for Dify (sensitive credentials), yet the registry metadata lists no required env vars or primary credential. Additionally, the SKILL.md includes a default/example API key-like value (app-pYPzaw...), which is suspicious and could indicate accidental leakage of a real key or careless documentation.
Persistence & Privilege
The skill is not marked always:true and is user-invocable only; it does not request persistent platform-wide privileges in the manifest.
What to consider before installing
Before installing, verify and correct the manifest: the SKILL.md requires a Dify base URL, chatflow name, and API key but the registry metadata declares none. Ask the publisher to (1) remove or replace any hard-coded API key/example that looks real and confirm whether it is active, (2) declare required credentials in the skill manifest so you can review them, and (3) confirm whether code snippets are sent to an external service or only processed locally. Treat code as potentially sensitive — do not use this skill with private/proprietary code until you confirm the endpoint is trusted and the API key is yours (or rotate it if it was leaked). If you cannot get clear answers, consider avoiding installation or running it only in an isolated environment with a disposable key and a local Dify/Ollama instance.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
latestvk970ephsvpeqtx8s1zdsb28syh82k5f6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Dify Code Interpreter(dify-code-interpreter)

技能概述

基于Dify+Ollama qwen3:8b模型,结合私有知识库,详细解释任意编程语言代码片段的语法、逻辑、用途和实现细节。

版本信息

  • 版本:1.0.0
  • 运行时:Python 3.8+
  • 依赖:requests>=2.31.0
  • 适配OpenClaw版本:v2026+
  • Skill ID:dify-code-interpreter(强制中划线分隔)

配置参数

参数名类型必填默认值说明
dify_base_urlstringhttp://localhost/v1Dify API基础地址(本地部署填此值)
api_keystringapp-pYPzawyEGIiagRmb1IhJv4PADify应用API密钥(从Dify控制台获取)
chatflow_namestring代码解释器Dify中创建的Chatflow名称

工具列表

explain-frontend-code

功能描述

解释代码片段,支持C、Vue、Python、Java等编程语言,返回结构化的语法/逻辑说明。

参数说明

参数名类型必填说明
codestring待解释的代码片段字符串

使用示例

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…