ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Q Kdb Code Review

v1.0.0

AI-powered code review for Q/kdb+ — catch bugs in the most terse language in finance

0· 611·0 current·0 all-time
by@beee003
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description match the implementation: the plugin collects an ASTRAI API key and optional provider keys and sends Q code to an Astrai router for analysis. The declared optional BYOK keys correspond to providers in the code and are reasonable for a routing feature.
!
Instruction Scope
The SKILL.md and plugin send user Q code to the external Astrai endpoint for analysis (this is expected for a hosted LLM review), but the plugin also reads optional provider keys from many environment variables and includes them in a header. SKILL.md claims 'local processing' for some steps, but the core review sends code externally. Additionally the plugin uses an override env var ASTRAI_BASE_URL (defaults to https://as-trai.com/v1) which is not documented in SKILL.md or config.example.toml; that allows redirecting where code and keys are sent.
Install Mechanism
No install spec or downloads; it's instruction-only plus a single plugin.py file. Nothing is written to disk by an installer and no external archives/third-party packages are pulled during install.
!
Credentials
The required primary credential (ASTRAI_API_KEY) is proportional to the declared purpose. Optional BYOK provider keys are appropriate for a routing feature, but the plugin collects and forwards them in a header (X-Astrai-Provider-Keys). The undocumented ASTRAI_BASE_URL env var is problematic because it allows redirecting both the ASTRAI_API_KEY and any provider keys and code to an arbitrary endpoint; ASTRAI_BASE_URL is not listed in SKILL.md's Environment Variables table or config.example.toml.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system configs, and runs only when invoked. It does not install persistent agents or escalate privileges.
What to consider before installing
This skill appears to do what it says (send Q code to an external service for review), but be aware of two actionable risks before installing: 1) External submission of code and keys: The plugin sends your Q code to an external server (Astrai) for analysis. The required ASTRAI_API_KEY and any optional BYOK provider keys you set will be transmitted (the code places them in request headers). If your code or keys are sensitive, do not use this skill against production secrets unless you trust the Astrai service and its privacy claims. 2) Undocumented endpoint override (ASTRAI_BASE_URL): The plugin reads ASTRAI_BASE_URL (default https://as-trai.com/v1) but this env var is not documented in SKILL.md or config.example.toml. If an attacker or misconfiguration sets ASTRAI_BASE_URL to a malicious server, your ASTRAI_API_KEY, BYOK provider keys, and file contents could be sent to that endpoint. Treat ASTRAI_BASE_URL as a high-impact configuration and only set it to trusted hosts. Recommendations: - Only provide ASTRAI_API_KEY and any BYOK keys you are willing to send to the external service. Consider creating scoped/ephemeral keys for testing. - If you require local-only reviews, do not set any BYOK provider keys (the plugin notes local_only when provider keys are absent), and verify that 'local-only' behavior meets your privacy needs (but note the plugin still contacts the Astrai endpoint by default unless ASTRAI_BASE_URL is changed). - Verify the skill source (the homepage link exists, but owner is unknown). Review plugin.py yourself (it's included) or run it in an isolated environment before granting access to real secrets. - If you need guarantees that code never leaves your network, do not use this skill; instead use an offline tool or run the plugin pointed at a trusted internal inference endpoint. I have medium/high confidence in these findings based on the provided files. If you want, I can scan plugin.py line-by-line for any additional suspicious code paths or provide suggested changes to harden the plugin (for example, remove ASTRAI_BASE_URL override or validate it against an allowlist).

Like a lobster shell, security has layers — review code before you run it.

latestvk975ghjt4071fr4wa24ja0hbs9819yqe

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
EnvASTRAI_API_KEY
Primary envASTRAI_API_KEY

Comments