Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Production Code Audit
v1.1.0Deep-scan a codebase, understand its architecture and patterns, then produce a comprehensive audit report with prioritized fixes. Optionally apply changes on...
⭐ 0· 82·0 current·0 all-time
bySolomon Neas@solomonneas
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description align with the instructions: the skill is an instruction-only audit that reads a repo, reports issues, and — if explicitly requested — creates a branch and applies fixes. No unrelated binaries, environment variables, or installs are requested.
Instruction Scope
Most runtime steps stay within auditing/fixing a codebase (reading source files, running tests, creating a fix branch). However the SKILL.md contains a direct contradiction: under 'Secrets handling' it says 'Do NOT remove or commit secrets' but the Fixes example shows removing a hardcoded DB password and committing a change. The doc is also vague about the exact mechanisms for creating/opening PRs (does it use git push, GitHub API, or ask for tokens?), and about what local operations will be executed without explicit, contextual user consent (tests, CI runs, network access). These ambiguities could lead to unexpected modifications or credential usage.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk by the skill itself. Low install risk.
Credentials
The skill declares no required environment variables or credentials, but its 'fix' mode assumes the agent can create branches, push, and open PRs — operations that require git credentials or API tokens. The SKILL.md does not describe the credential scope required (e.g., repo write vs. repo creation vs. org-level), so users may inadvertently grant overly broad access if they provide tokens. Also running tests or CI may require access to databases or third-party services; the doc instructs asking the user, but concrete safeguards are not specified.
Persistence & Privilege
always: false (good). Autonomous invocation is allowed by default — normal for skills — but because the skill can modify a repository when asked, you should ensure the agent only acts when the user explicitly requests 'fix mode'. There is no instruction that the skill will persist beyond its own actions or modify other skills or system-wide settings.
What to consider before installing
This skill generally does what it says (read a repo, report issues, optionally make fixes), but there are important ambiguities you should resolve before installing or granting access: 1) Clarify secret handling — the doc both forbids committing secrets and shows an example that removes a secret and commits the change. Decide whether you want automated secret-removal and what review/approval is required. 2) Confirm how PRs/branch pushes will be performed and what credentials are required; only grant a token with the minimum scope (e.g., repo:public_repo or repo-specific write) and avoid org-wide admin tokens. 3) Require an explicit, interactive confirmation step before any 'fix mode' actions (create branch, modify files, run tests, push). 4) Prefer that test execution happen in a CI sandbox you control rather than on a developer workstation. 5) Always review the diff/PR before merging and consider running the first audit in read-only mode to see the scope of changes the skill proposes. If you cannot verify those behaviors with the skill owner, treat the 'fix' capability as high-risk and use the skill for read-only audits only.Like a lobster shell, security has layers — review code before you run it.
latestvk9701c2js4d4ha5cvstfyftgtx83b9et
License
MIT-0
Free to use, modify, and redistribute. No attribution required.