Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

智能代码助手 (Smart Code Assistant)

v1.0.0

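Intelligently understands and precisely diagnoses code, provides fix and refactoring suggestions, and automatically generates documentation, improving code quality and maintenance efficiency.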

by bittao @hgta23

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for hgta23/s.

Install the skill "智能代码助手" (hgta23/s) from ClawHub.
Skill page: https://clawhub.ai/hgta23/s
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install s

ClawHub CLI


npx clawhub@latest install s

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability

Name/description (智能代码助手) match the provided prompts and skill.json features. However, the skill promises deep capabilities (AST analysis, data-flow, architecture analysis, continuous learning) but the included runtime code (main.py) contains only simple stub methods that return static strings and perform no actual parsing, file I/O, or network work. Also metadata is inconsistent: top-level 'Homepage: none' / 'Source: unknown' vs skill.json claiming a GitHub repo URL. This is an overstated capability / provenance mismatch.

Instruction Scope

SKILL.md and prompt files instruct the agent to analyze 'provided code' and list checks to perform; they do not instruct reading arbitrary system files or environment variables. One function signature (analyze_architecture(project_path)) implies analyzing a project path, but the current implementation is a stub that does not access the filesystem. The result: instructions appear scoped to user-provided code, but the skill's marketing claims broader project-level analysis that would require filesystem access which is not implemented here. This discrepancy is scope/expectation drift rather than an explicit data-exfiltration instruction.

Install Mechanism

No install spec — instruction-only with a small code file. No downloads, no third-party installers, and nothing is written to disk by an installer. Low install risk.

Credentials

Skill requests no environment variables, credentials, or config paths. That is consistent with its current implementation which doesn't perform network calls or require external services.

Persistence & Privilege

always is false and the skill is user-invocable. There is no indication the skill requests persistent/system-wide changes or elevated privileges. Autonomous invocation is allowed by default but not flagged on its own.

What to consider before installing

This package is not obviously malicious — it neither asks for credentials nor installs external code — but it overpromises. The code shipped is a collection of stubs that return static text; it does not implement the advanced AST/data-flow/project analysis described in SKILL.md. Before installing or relying on it:

  1) verify the claimed repository (skill.json points to a GitHub URL but the source/homepage in the registry is unclear);
  2) treat the skill as untrusted for sensitive code — don’t provide secrets or private repo credentials;
  3) if you need the advertised deep-analysis features, request evidence (tests, implementation, or a real parser) or prefer a skill with verifiable source;
  4) watch for future versions that add filesystem or network access (e.g., analyze_architecture(project_path)) and re-evaluate permissions then.

If you plan to let agents call this autonomously, prefer a sandboxed environment until you confirm its real behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fbst1xh3mcv9jyxbyre8yr184a0rt
91 downloads
0 stars
1 versions
Updated 3w ago
v1.0.0
MIT-0

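name: s-skill
version: 1.0.0
description: Smart = intelligent understanding + precise response - a smart code assistant that deeply understands your code and precisely provides diagnosis, fix, refactoring and documentation-generation suggestions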

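s-skill - Smart Code Assistant 🧠

🌟 Core Positioning

Smart - focused on intelligent understanding and precise responses, to be your most capable coding partner!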

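🎯 Actual Features

1. Smart Code Interpreter

  • In-depth analysis of code logic
  • Clear explanations of complex algorithms
  • Identifies design patterns
  • Generates code flowcharts

2. Smart Error Diagnosis

  • Automatically detects potential bugs
  • Analyzes the root cause of errors
  • Provides concrete fixes
  • Prevents latent code hazards

3. Smart Refactoring Suggestions

  • Identifies code smells
  • Provides refactoring plans
  • Optimizes performance bottlenecks
  • Improves code maintainability

4. Smart Documentation Generation

  • Automatically generates function documentation
  • Creates API descriptions
  • Generates usage examples
  • Keeps documentation in sync with the code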

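💡 Usage Examples

Code explanation

User: Help me explain what this code is doing
s-skill: After in-depth analysis, this code implements an LRU cache mechanism...

Error diagnosis

User: Is there anything wrong with this code?
s-skill: Detected 3 potential issues: 1) Memory leak risk... 2) Concurrency safety issue... 3) Unhandled boundary conditions...

Refactoring suggestions

User: Help me optimize this code
s-skill: Suggested refactoring plan: 1) Extract method... 2) Use the strategy pattern... 3) Add unit tests...

Documentation generation

User: Generate documentation for this function
s-skill: Complete documentation generated, including: function description, parameter descriptions, return value, usage examples, notes...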

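🔧 Core Features

Deep understanding

  • AST (syntax tree) analysis
  • Type inference
  • Data-flow analysis
  • Context awareness

Precise responses

  • Concrete, actionable suggestions
  • Supporting code examples
  • Pros and cons analysis
  • Priority ranking

Continuous learning

  • Accumulates best practices
  • Recognizes common patterns
  • Improves suggestion quality
  • Adapts to the user's style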

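📈 Technical Highlights

  1. Semantic understanding - does not just read the code, but understands its intent
  2. Context awareness - takes the project's overall architecture and style into account
  3. Actionable suggestions - every suggestion comes with a concrete code example
  4. Incremental optimization - starts small and improves code quality step by step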

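🎨 Design Philosophy

  • Practicality first - only builds features that are genuinely useful
  • Sharp focus - does not try to do everything; does one thing extremely well
  • User-friendly - simple instructions, professional results
  • Continuous evolution - keeps improving based on user feedback

Smart Code Assistant - make your code smarter! 🚀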
