ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SATAgent

v1.0.0

Run the pure-LLM variant of the QLCoder workflow for both CVE samples and local Web App repositories. Supports multi-profile taint-flow analysis with source/...

1· 97·0 current·0 all-time
by@setg-git

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for setg-git/sat-agent.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "SATAgent" (setg-git/sat-agent) from ClawHub.
Skill page: https://clawhub.ai/setg-git/sat-agent
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install sat-agent

ClawHub CLI

Package manager switcher

npx clawhub@latest install sat-agent
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md and bundled files implement a QLCoder pure-LLM taint-flow analysis (Java/Python web) which matches the described capability, but the registry metadata/name ('SATAgent') does not match the SKILL.md name/slug (qlcoder-pure-llm / coder-pure-llm). This naming mismatch and leftover absolute paths (e.g., /Users/aibot/...) are incongruent and suggest sloppy packaging or repackaging.
Instruction Scope
Instructions intentionally read repository files, build manifests, and run local analysis; the bundled script performs wide file-system scanning (rglob over repo), pattern matching, writes JSON artifacts, and calls subprocess.run to invoke external commands (e.g., python -m qlcoder.cli). Those actions are consistent with code-analysis purpose, but SKILL.md contains hard-coded absolute developer paths and encourages running the wrapper which will search the entire repo — a significant scope that should be reviewed by the user.
Install Mechanism
No install spec or remote downloads are present; the skill is instruction-only with a bundled Python script. Nothing external is fetched during install by the skill package itself.
Credentials
The skill declares no required environment variables or credentials and the code does not require external tokens. It reads local files and may invoke local Python modules; no unnecessary secrets access is requested.
Persistence & Privilege
always:false and no special persistence or modifications to other skills are requested. The skill can be invoked by the model (normal default). The primary risk is the skill's ability to read workspace/repo files and run subprocesses when executed.
What to consider before installing
This skill runs local repository-wide scanning and executes subprocesses (it invokes python -m qlcoder.cli and similar). Before installing or running: 1) Confirm the QLCoder project you expect is present (qlcoder/cli.py) and that you trust that code; 2) Inspect scripts/run_pure_llm.py (already bundled) to ensure there are no hidden network calls or unexpected commands beyond the visible filesystem scanning and subprocess usage; 3) Note the SKILL.md contains developer-specific absolute paths (/Users/aibot/...), update those to your environment or run from a copy; 4) Run the skill in an isolated sandbox or on a non-sensitive copy of the repository first; 5) If you need stronger assurance, ask the publisher to fix the naming/packaging inconsistencies and remove hard-coded paths. These discrepancies (name mismatch and hard-coded paths) are the main reasons this analysis is flagged as suspicious rather than benign.

Like a lobster shell, security has layers — review code before you run it.

latestvk976tp76c8xqnp6gf1spd7sdkx83q68t
97downloads
1stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@setg-git
latest
Download

QLCoder Pure LLM

Use this skill to drive pure-llm mode in the local QLCoder project with two workflows:

  • CVE sample analysis from manifest (patch/advisory-driven).
  • Local repository taint-flow typing for Web App codebases (Java Web, Python Web).

The local workflow now also emits a triaged security finding summary (taint_findings.analysis.*) focused on XSS / SQLi / broken-access-control classes.

Quick Start

  1. Confirm the workspace contains qlcoder/cli.py.
  2. Prefer the helper script: python /Users/aibot/.codex/skills/coder-pure-llm/scripts/run_pure_llm.py --workspace /path/to/workspace
  3. For CVE mode, optionally pass --project-slug <slug> or --batch-limit N.
  4. For local Web App mode, pass: --repo-path /path/to/repo --app-profile auto
  5. Read generated artifacts under runs/.../pure-llm/.

Workflow

A. CVE Manifest Mode

  1. Reuse an existing manifest under datasets/manifests/ when possible.
  2. If missing, build base manifest: python -m qlcoder.cli build-manifest --base-only --allow-manual-override --manual-base-ref master
  3. Run single sample (run-one-pure-llm) or batch (run-manifest-pure-llm).
  4. Summarize:
    • summary
    • source_hypotheses
    • sink_hypotheses
    • sanitizer_hypotheses
    • draft_query_strategy
    • draft_query_text

B. Local Web App Mode (Java/Python)

  1. Run: python /Users/aibot/.codex/skills/coder-pure-llm/scripts/run_pure_llm.py --workspace /path/to/workspace --repo-path /path/to/repo --app-profile auto
  2. --app-profile values:
    • auto: detect by repository file distribution; mixed repositories can run both Java and Python profiles.
    • java-web: force Java Web source/sink/sanitizer typing.
    • python-web: force Python Web source/sink/sanitizer typing.
  3. First review taint_findings.analysis.json/md for prioritized findings and severity.
  4. Then use taint_profile.analysis.json/md for deeper source/sink/sanitizer trace evidence.
  5. Treat these results as taint-flow leads for manual trace confirmation.

Source/Sink Type Reference

See references/taint_profiles.md for the taxonomy used by the local Web App profile report.

Output Contract

CVE manifest mode artifacts

  • runs/<project_slug>/pure-llm/iteration_00.prompt.md
  • runs/<project_slug>/pure-llm/iteration_00.analysis.json
  • runs/<project_slug>/pure-llm/iteration_00.analysis.md
  • runs/<project_slug>/pure-llm/iteration_01.analysis.json
  • runs/<project_slug>/pure-llm-summary.json

Local Web App mode artifacts

  • runs/local-<analysis_name_or_repo>/pure-llm/analysis.json
  • runs/local-<analysis_name_or_repo>/pure-llm/analysis.md
  • runs/local-<analysis_name_or_repo>/pure-llm/taint_profile.analysis.json
  • runs/local-<analysis_name_or_repo>/pure-llm/taint_profile.analysis.md
  • runs/local-<analysis_name_or_repo>/pure-llm/taint_findings.analysis.json
  • runs/local-<analysis_name_or_repo>/pure-llm/taint_findings.analysis.md

Treat JSON artifacts as source of truth. Use Markdown for human-readable review.

Notes

  • Do not claim CodeQL validation in this mode.
  • Missing patch or advisory files are tolerated; the workflow should still proceed using whatever metadata is available.
  • Taint profile output is pattern-based candidate analysis, not full dataflow proof.
  • Java ${...} sink typing is de-noised to mapper SQL context to avoid common pom.xml/config placeholder false positives.
  • The findings summary is heuristic triage; always verify exploitability with targeted trace/tests.
  • For detailed command patterns and wrapper usage, read references/workflow.md.

Comments

Loading comments...