ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claude Code Analyzer

v1.0.0

Analyze and extract structure and modules from the leaked Claude Code GitHub project for AI-assisted Python programming.

0· 27·0 current·0 all-time
by@bingze00000
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The description promises analysis of a leaked 'Claude Code' GitHub project, but the included code (main.py) only returns a static JSON-like result and does not perform any file or network analysis. The SKILL.md shows an API (analyze(path)) that does not exist in the code. meta.json lists dependencies (requests) that the code does not use.
!
Instruction Scope
SKILL.md instructs importing from 'claude_code_analyzer' and calling analyze('path/to/claude/code'), suggesting file-system inspection of a user-provided path and possibly GitHub content, but the code has no such function or logic. The instructions reference installing with 'clawhub' though no install spec is present. The guidance to analyze 'leaked' source raises ethical/legal concerns and is not supported or constrained by the implementation.
Install Mechanism
There is no install spec (instruction-only), which is low risk. However SKILL.md references an external installer 'clawhub install ...' that is not provided or documented in the package. meta.json also declares requirements (requests, json) despite no install mechanism and the code not using 'requests'.
Credentials
The skill declares no required environment variables or credentials (appropriate for a local analyzer). meta.json lists Python dependencies but no environment or credentials. There is no request for sensitive information, but inconsistencies between declared dependencies and actual code reduce trust.
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not modify system or other-skill configuration. No elevated privileges are requested.
What to consider before installing
This package is inconsistent and likely incomplete: the README/SKILL.md promises an analyze(path) function and GitHub/leak analysis, but the shipped code is just a stub that returns a static message and does not implement the advertised behavior. Before installing or using it: (1) do not supply any credentials or sensitive paths; (2) ask the publisher for the real source/homepage and a version that actually implements the described API; (3) request provenance for the claimed 'leaked' code (legal/ethical risk) and an explanation of how the tool accesses repositories (local only vs. GitHub API); (4) verify and/or run the code in a safe, isolated environment if you want to test it; and (5) avoid paying or entering billing information until the implementation and provenance are confirmed. The current mismatch between documentation, metadata, and code is the primary concern.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ekzjemn8ctd064tj7gtpat1845wfe

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments