Skill flagged β suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Cuihua Error Handler
v1.0.0π‘οΈ AI-powered error handling assistant that transforms fragile code into resilient systems. Automatically generate comprehensive error handling, recovery st...
β 0Β· 58Β·0 currentΒ·0 all-time
MIT-0
Download zip
LicenseMIT-0 Β· Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (AI error handling assistant) align with what is included: node is the only required binary, the package contains a JS CLI (error-handler.js) and examples, and SKILL.md describes scanning/generating error handling. There are no unrelated cloud credentials or strange binaries requested.
Instruction Scope
SKILL.md instructs the agent to scan code directories and generate try/catch/recovery code β this matches the provided error-handler.js implementation. The instructions do involve reading source files (expected for this purpose) but do not direct the agent to access unrelated system paths or to transmit data externally.
Install Mechanism
No install spec (instruction-only) and no external downloads; the only runtime requirement is node. Note: the skill includes executable JS files that will run locally if the agent invokes them; executing bundled code is normal but carries the usual risk of running thirdβparty scripts.
Credentials
The skill declares no required environment variables, which is reasonable. One included test file references process.env.JWT_SECRET (test-code.js), but the core CLI (error-handler.js) does not require secrets. This is a minor inconsistency to be aware of: example/test code references an env var that isn't declared or needed by the analyzer itself.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or modify other skills' configs. Autonomous invocation is allowed (platform default) but not combined with any unusual permissions.
Assessment
This skill appears to do what it says: it scans JavaScript/TypeScript files and generates error handling. Before running it on a sensitive repository, review the bundled files (error-handler.js and test-code.js) to confirm there are no network calls, telemetry endpoints, or credential exfiltration logic. Be cautious when pointing the tool at directories that contain secrets (env files, config with API keys or private keys) because the analyzer will read files you tell it to scan; do not scan secrets unless you trust the code and execution environment. If you want extra safety, run the CLI in a sandboxed environment or inspect the generated output without applying changes automatically.test-code.js:15
Environment variable access combined with network send.
error-handler.js:40
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers β review code before you run it.
latestvk973e7b3nvmf0xyb21chyhxh8583hc69
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binsnode