Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cuihua Code Reviewer

v1.0.0

AI-powered code review assistant for OpenClaw agent developers. Automatically analyzes code quality, detects security vulnerabilities, performance issues, an...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name, description, SKILL.md and included analyzer.js/test files are coherent for a code-reviewer. However the declared requirements list only 'git' while the shipped implementation is a Node script (analyzer.js) — the skill does not declare 'node' or the Node runtime as a required binary. Examples also reference environment variables (e.g., SLACK_WEBHOOK_URL) and features (API server mode, CI/CD integration) that are not declared in requires.env. These omissions are inconsistent with the stated capabilities and should be corrected or explained.
Instruction Scope
Most runtime instructions stay within the code-review scope (reading files, analyzing, generating reports). But examples and SKILL.md include steps that transmit reports externally (Slack webhook example, CI job that uploads reports, an API server example that accepts code over HTTP), and the SKILL.md claims ‘Runs locally - code never leaves your machine’ while also documenting ways to send data to external endpoints. The skill's runtime code (analyzer.js) reads arbitrary files via fs APIs and example scripts show analyzing entire directories and scheduled reviews — which is expected for a reviewer but increases blast radius if paired with external reporting/webhook configuration. Also SKILL.md mentions using OpenClaw's 'read' tool but the implementation uses fs.readFileSync directly — a minor mismatch in how file access is done.
Install Mechanism
There is no external install step that downloads remote archives or runs scripts from arbitrary URLs — the package is instruction+source included in the bundle (analyzer.js, examples, tests). That lowers install-time supply-chain risk. No brew/npm/go downloads or extract-from-URL instructions are present.
Credentials
The skill declares no required environment variables, yet documentation and example code reference process.env.SLACK_WEBHOOK_URL and other env-driven behavior (e.g., sending notifications). The analyzer also scans for hardcoded secrets and contains test code with a fake OpenAI key; that's expected. But lack of declared env requirements (and lack of a declared primary credential) is an omission: if you wire up webhooks or CI, sensitive tokens could be used to transmit data externally. Also omission of 'node' as a required binary is inconsistent with the Node-based analyzer implementation.
Persistence & Privilege
The skill is not marked always:true and does not request persistent platform privileges. It does not modify other skills. Examples include installing a pre-commit hook and running scheduled cron jobs — those are user actions and not automatic. Autonomous invocation is enabled by default (disable-model-invocation: false) which is standard; this combined with the above concerns increases impact if the skill were malicious, but on its own is not unusual.
What to consider before installing
This package appears to be a legitimate local code-review tool, but there are a few red flags to check before you install or run it:

1) Runtime mismatch: the bundle contains a Node script (analyzer.js) but the skill only lists 'git' as a required binary — ensure your environment has Node and that the skill author updates requirements.
2) Undeclared external integrations: examples show posting reports to Slack (SLACK_WEBHOOK_URL) and running an HTTP API server; the skill does not declare any required env vars for these. Only provide webhooks or tokens if you trust the skill and its source.
3) Confirm source and provenance: the registry entry has no homepage and an unknown owner; if you can't audit the code yourself, treat it as higher risk.
4) Audit the code: review analyzer.js and EXAMPLES.md locally before running; pay attention to any code paths that open network connections, spawn processes, or write files outside the project.
5) Run in a restricted environment first: test in an isolated/sandboxed repo or container, avoid giving CI secrets or webhooks until you're confident.
6) If you plan to enable pre-commit hooks or scheduled runs, inspect and control those hooks yourself rather than automatically applying them.

If you want me to, I can: list the exact places analyzer.js performs file or network I/O, point out any lines that would execute child processes, or produce a minimal checklist for safely auditing and running this skill.
analyzer.js:109 - Shell command execution detected (child_process).
analyzer.js:143 - Dynamic code execution detected.
test-bad-code.js:17 - Dynamic code execution detected.
test-bad-code.js:35 - File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.


Runtime requirements

Bins: git
