Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Code Explainer Tool

v1.0.0

Explain any code snippet or file in plain English. Paste code → get a clear explanation of what it does, how it works, and key concepts. Use when the user sh...

by CJ Hauser @cloudcompile
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the stated purpose (explaining code snippets). The declared requirements (no binaries, no env vars) are minimal and appropriate for a read-and-explain skill.
Instruction Scope
SKILL.md stays focused on explaining code, but the Script section tells the agent to run `python scripts/explain_code.py` (or pipe code to it). No such script is present in the bundle. That mismatch is risky: it could cause the agent to try executing or retrieving code from elsewhere, or to run arbitrary Python on user files.
Install Mechanism
There is no install spec and no code files — the skill is instruction-only, which is the lower-risk option for installation. Nothing is written to disk by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths, which is proportionate for a read-and-explain tool.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not modify other skills or system settings per the provided metadata.
Scan Findings in Context
[NO_CODE_BUT_SCRIPT_REFERENCED] unexpected: SKILL.md references `scripts/explain_code.py` and example runtime commands, but the skill bundle contains no code files. An instruction-only explainer usually shouldn't instruct running a local script that isn't shipped.
What to consider before installing
This skill conceptually does what it says (explain code), but the SKILL.md instructs running a helper script that is not included. Before installing or enabling it:

  1. Ask the publisher where `scripts/explain_code.py` comes from — verify the source and review its code.
  2. If you will permit the agent to execute commands, ensure execution is sandboxed; avoid granting it access to sensitive files.
  3. Prefer a purely instruction-only workflow (agent analyzes pasted code text) rather than running external scripts.
  4. If you cannot review the referenced script, treat the skill with caution or disable autonomous invocation so it cannot run commands without approval.

Like a lobster shell, security has layers — review code before you run it.

latestvk973zapqm39qg4wephnc7fs9w5846wcf

SKILL.md

Code Explainer

Transform code into plain-English explanations. Perfect for learning, reviewing, or understanding unfamiliar code.

Usage

explain this code
what does this do?
explain: [paste code]

How it works

  1. Analyzes code structure and syntax
  2. Identifies key operations and patterns
  3. Explains in plain English with technical accuracy
  4. Highlights important concepts and potential issues

Supported Languages

All major languages supported:

  • Python, JavaScript, TypeScript
  • Go, Rust, Java, C/C++, C#
  • Ruby, PHP, Swift, Kotlin
  • SQL, Shell/Bash, YAML, JSON
  • And more...

Output Format

  • Summary: What the code does
  • Breakdown: Step-by-step explanation
  • Key Concepts: Important patterns/techniques used
  • Notes: Warnings, best practices, or improvements

Script

python scripts/explain_code.py <path/to/file>

Or pipe code:

cat myfile.py | python scripts/explain_code.py -
