ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Qwen Code

v1.2.0

Run Alibaba Cloud Qwen Code CLI via background process for task execution, code review, and automation.

0· 558·0 current·0 all-time
by@userb1ank
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code and SKILL.md: this is a wrapper around the Qwen Code CLI and the scripts call the qwen binary to run tasks, review code, and run headless jobs. Requiring the qwen binary (anyBins) is appropriate.
!
Instruction Scope
SKILL.md and the shipped scripts instruct the agent to run the qwen CLI on arbitrary prompts and to read local files (e.g., file contents are embedded into prompts for review). Headless examples and scripts read project files and git diffs and then call qwen, which transmits content to Alibaba Cloud services — this is expected for a code-review tool but is a sensitive action (possible data exfiltration of source code). The README and examples also instruct use of an API key env var (DASHSCOPE_API_KEY) while the script checks for BAILIAN_CODING_PLAN_API_KEY inside ~/.qwen/settings.json — inconsistent naming and unclear provenance of required credentials.
Install Mechanism
There is no automated installer in the skill bundle (instruction-only install spec). Examples tell users to npm install the official qwen CLI. No downloads from untrusted URLs or archive extraction are present in the skill files. This is low-risk from an installation perspective.
!
Credentials
The registry metadata declares no required env vars, but SKILL.md and examples instruct setting DASHSCOPE_API_KEY and the CI examples use that name. The script itself looks for a different key (BAILIAN_CODING_PLAN_API_KEY) inside ~/.qwen/settings.json. That mismatch is confusing and could cause users to export keys under the wrong name. Aside from that, the skill does not request unrelated cloud credentials (no AWS/GCP keys), so the set of secrets it uses is limited to the Qwen/Dashscope API key space — but the missing/ambiguous env var declaration is a proportionality/clarity issue.
Persistence & Privilege
The skill is not forced-always and uses normal autonomous invocation defaults. The scripts read and write under ~/.qwen/ (settings, projects, skills). In particular, the skillCommand implementation can create directories and files under ~/.qwen/skills — i.e., it can add skill files into the user's Qwen skills directory. That behavior is coherent with 'Skills management' features but does modify a shared config area (other skills). Consider this a capability that increases impact if misused.
What to consider before installing
This skill is a wrapper for the official Qwen Code CLI and generally behaves consistently with that purpose, but review these points before installing: - Authentication naming is inconsistent: SKILL.md/examples refer to DASHSCOPE_API_KEY while the script inspects BAILIAN_CODING_PLAN_API_KEY inside ~/.qwen/settings.json. Make sure you understand which credential the environment/CLI actually requires and never paste high-privilege keys unless intended. - The skill (and its example scripts) will read your project files, git diffs, and other local files and pass them to the qwen CLI, which sends data to Alibaba Cloud. Do not run the examples on sensitive, proprietary, or secret-containing code unless you are comfortable sending that data to Qwen services. - The tool can create files under ~/.qwen/skills and read/write ~/.qwen/settings.json and project chat files. If you prefer stricter isolation, avoid using the skill's skill/agent-management commands or run in a disposable environment. - If you want to limit risk: run the wrapper only manually (do not allow unattended/autonomous invocations), inspect the script source (scripts/qwen-code.js), and test in a non-sensitive repository first. Ask the author to clarify the API key names and document precisely which env/config keys are used.

Like a lobster shell, security has layers — review code before you run it.

latestvk978r98wknmvka5raps4rpp65581zqxq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦌 Clawdis
Any binqwen

Comments