ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

TypeScript Config Generator

v1.0.0

生成专业的 TypeScript 配置,支持严格模式、React、Node.js、Webpack 等多种场景,一键生成最佳实践配置。

0· 389·2 current·2 all-time
by@sunshine-del-ux
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md advertises multiple presets (strict, node, react, minimal, library), CLI flags (--output, --target) and richly commented configs, but the shipped typescript-config-generator.sh only accepts a single positional preset (default 'strict'), only toggles the 'strict' compiler option, and always writes a minimal tsconfig.json to the current directory. The declared purpose (multi-scenario generator) is not matched by the actual implementation.
Instruction Scope
The instructions tell users to run a CLI with many options; those options are not implemented in the script. The SKILL.md does not instruct reading unrelated files or secrets. However the runtime behavior (the script) will overwrite tsconfig.json in the current directory without prompting or backup — this is a scope/behavior mismatch and a safety concern for users' repo files.
Install Mechanism
No install spec and no network downloads — lowest installer risk. The skill is instruction-only with a small local shell script; nothing is fetched from external URLs.
Credentials
The skill requests no environment variables, no credentials, and no config paths. There is no evidence of unnecessary credential access or exfiltration.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills. It has normal, non-privileged presence.
What to consider before installing
This skill is inconsistent: the README promises many presets and flags that the actual shell script does not implement. The script will overwrite tsconfig.json in the current directory (no backup) and only toggles 'strict' true/false. Before installing or running it: (1) inspect the script (it's short) and consider running it in an empty/test directory; (2) back up any existing tsconfig.json; (3) if you need real multi-scenario configs, either expand the script yourself or use a more fully implemented tool from a known source; (4) if you plan to let an agent invoke this autonomously, be aware it could overwrite repository files — only enable if you trust the source or have repository backups.

Like a lobster shell, security has layers — review code before you run it.

configvk978a0p3zmxcmwzyzw9xcqjq71825tz2generatorvk978a0p3zmxcmwzyzw9xcqjq71825tz2latestvk978a0p3zmxcmwzyzw9xcqjq71825tz2tsconfigvk978a0p3zmxcmwzyzw9xcqjq71825tz2typescriptvk978a0p3zmxcmwzyzw9xcqjq71825tz2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📘 Clawdis

Comments