ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ESLint Config Generator

v1.0.0

生成专业的 ESLint 配置,支持 React, Vue, TypeScript, Airbnb, Standard 等主流规范,一键配置代码规范。

0· 318·2 current·2 all-time
by@sunshine-del-ux
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description promise multi-framework presets and 'automatic dependency installation', but the included shell script only writes a .eslintrc.json with the first argument as the extends value. Generating a config file is consistent with the purpose, but the script does not implement automatic dependency installation or advanced preset handling described in SKILL.md.
Instruction Scope
SKILL.md shows CLI options like --preset, --output, and --install and suggests npm install examples. The runtime artifact (eslint-config-generator.sh) only accepts a single positional preset and writes .eslintrc.json; it does not read unrelated files, environment variables, or contact external endpoints. The instructions are generally scoped to ESLint tasks but are more feature-rich than the script supports.
Install Mechanism
No install spec is provided and the skill is instruction-only with a tiny shell script. Nothing is downloaded or written beyond the simple script's output, so there is low install risk.
Credentials
The skill requests no environment variables, credentials, or config paths. That aligns with its simple behavior of creating a local .eslintrc.json.
Persistence & Privilege
always is false and the skill does not request persistent/system-wide privileges. It only writes a .eslintrc.json in the current working directory, which is expected for this utility.
Assessment
This skill is small and local: it will create or overwrite .eslintrc.json in the current directory using the first argument as the extends value. It does not automatically install npm packages despite the README claiming '自动安装依赖'—you should run npm install -D <packages> yourself if needed. Review any preset names you pass (they become the extends entry and may refer to packages you must install). If you need features like --output or --install, confirm the implementation or extend the script before relying on them.

Like a lobster shell, security has layers — review code before you run it.

configvk977xmekkry9zqxwaa3v927599825n7xeslintvk977xmekkry9zqxwaa3v927599825n7xjavascriptvk977xmekkry9zqxwaa3v927599825n7xlatestvk977xmekkry9zqxwaa3v927599825n7xlintervk977xmekkry9zqxwaa3v927599825n7x

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔧 Clawdis

Comments