Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
CodeBuddy Coding
v1.0.0通过调用 CodeBuddy CLI,支持代码生成、重构、调试和文件操作,并提供任务进度监控和结构化结果输出。
⭐ 0· 22·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description, package metadata, and code all implement a wrapper around an external CodeBuddy CLI (execute tasks, parse JSON output, monitor progress). Declared dependency on a 'codebuddy-cli' is consistent with the stated purpose; no unrelated env vars, binaries, or config paths are requested.
Instruction Scope
Runtime instructions and code focus on invoking the CodeBuddy CLI and parsing its JSON output, subscribing to progress, and returning structured results — that matches the purpose. However, cli-wrapper spawns the CLI with shell:true while inserting the user-provided task/prompt into command arguments; this creates a command-injection risk if task strings are untrusted. SKILL.md and examples also encourage using permissionMode 'bypassPermissions', which could grant the CLI broader file-system capabilities. The skill's instructions do not read unrelated secrets or system files, but the CLI it calls may perform arbitrary file and command operations.
Install Mechanism
No external download/install spec is present (instruction-only with local code files). The skill relies on an external CLI ('codebuddy') already installed on the host — this is expected and avoids remote install risk from the skill package itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code does not access environment secrets. This is proportionate to a local CLI wrapper. The primary risk stems from the external CLI's permissions, not from the skill requesting extra credentials.
Persistence & Privilege
Skill is not always-enabled, does not alter other skills' configurations, and only maintains in-memory execution logs and monitor state. It does create and reference a test workspace in test scripts, but nothing indicates it persistently modifies unrelated system settings or other skills.
Scan Findings in Context
[child_process_spawn_with_shell] expected: Using child_process.spawn is expected for a CLI wrapper. However, spawn is called with shell:true which increases risk of shell injection if untrusted input (task/prompt) is not sanitized.
[unescaped_user_input_in_cli_args] expected: The code passes the user-provided task/prompt into CLI arguments (the -p value). Supplying arguments is expected for a wrapper, but combined with shell:true this becomes a potential command-injection vector — consider removing shell:true or properly escaping/sanitizing inputs.
Assessment
This skill appears to be a legitimate wrapper for a local CodeBuddy CLI, but review and take precautions before installing:
- Ensure the CodeBuddy CLI binary you install is trustworthy — the skill delegates powerful actions to that CLI (file creation, execution).
- The wrapper spawns the CLI with shell:true and injects user-provided task/prompt into arguments; avoid passing untrusted strings or sanitize/escape prompts to prevent command injection. Prefer a version that calls spawn without shell or uses execFile/spawn with safe argument arrays.
- Be cautious with the permissionMode 'bypassPermissions' option — enabling it may allow the CLI to overwrite/modify files beyond expected scope; only use it in controlled/sandboxed environments.
- Test the skill in an isolated environment (sandbox or container) first so you can observe what files the CLI modifies and what commands it runs.
- If you need stronger guarantees, request an updated wrapper that removes shell:true or adds explicit input sanitization and explicit allowlists for writable paths.cli-wrapper.js:23
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk9773p7skw8xyvdmw5ham7mz3h84edv1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.