Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dev Tools Pack

v1.0.0

Collection of developer tools including Chrome extension templates, AI code reviews, GitHub README generators, SaaS landing pages, tech blogs, and tweet thre...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (developer generators + code review helpers) match the included shell scripts and README: each script generates project artifacts or prints reports. Required resources (bash, git) align with what the scripts do.
Instruction Scope
Runtime instructions are narrowly scoped to running the included scripts. The scripts read local project files (e.g., git repo, diffs, git config) and write generated project files — behavior that matches the stated purpose. Note: the code-review script prints a sample report and mentions using GITHUB_TOKEN to enable PR reviews (optional).
Install Mechanism
No install spec is present; this is an instruction-only skill with bundled shell scripts. Nothing is downloaded or executed from remote URLs.
Credentials
The skill declares no required env vars. Scripts optionally consult local git config and reference an optional GITHUB_TOKEN for PR functionality, which is proportionate to a code-review/PR feature. No other secret names or external credentials are requested.
Persistence & Privilege
Skill does not request always:true, does not modify other skills or system-wide agent settings, and only writes generated files in the output directory — expected for a generator toolkit.
Assessment
This package appears coherent and limited to local project generation and reporting. Before running: (1) inspect the scripts yourself (they are plain shell) to confirm output paths; (2) run them in a non-privileged directory (not as root) so they can't overwrite important files; (3) be mindful that the code-review script can use your GITHUB_TOKEN for PR integration — only provide it if you trust the environment; (4) some commands use macOS-style sed (sed -i ''), which may fail on Linux — adjust before use. If you plan to publish generated assets (extensions, pages), review the generated code for secrets or placeholders (the example report contains a fake API key string).
