Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cuihua Logger

v1.0.0

📝 AI-powered logging assistant that generates production-ready structured logs. Automatically add intelligent logging to your code with proper levels, conte...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
!
Purpose & Capability
Name/description promise: 'automatically add intelligent logging' and examples showing generated 'after' code and 'Add logging to function' workflows. Actual bundled code (logger.js) implements scanning, detection of functions lacking logging, generating logging snippet text, and producing a coverage report, but it does not write changes back to source files or integrate with repositories/CI. No environment variables, binaries, or external services are requested — those ARE consistent with a local analysis tool, but the 'auto-add' and 'multiple logger support' claims are overstated relative to what the code actually performs.
ℹ
Instruction Scope
SKILL.md instructs analysis and shows examples for adding logging and running commands like 'node logger.js check ./src'. The runtime instructions and the shipped CLI align with scanning/analysis of a target path. However SKILL.md implies the agent will 'add' or patch logging into functions; the provided code only returns generated snippet text and a report and does not implement in-place modifications, patching, or writing files. The tool reads arbitrary files under the target path (as expected) — exercise caution about which path you point it at (don't run against system directories or secrets).
✓
Install Mechanism
Instruction-only install (no install spec) and a single Node CLI file. Requires 'node' binary which matches the code. No network downloads or extract steps are present. Low install risk.
✓
Credentials
No environment variables, credentials, or config paths are declared or required. The code operates on filesystem paths only and does not access or require secrets — proportional to the stated purpose of static analysis/coverage reporting.
✓
Persistence & Privilege
Skill does not request persistent/always-on presence. It is user-invocable and the CLI runs on demand. The code does not modify other skills or global agent configuration.
What to consider before installing
This package appears to be a local static analyzer that reports where logging is missing and produces example logging snippets, but it does NOT automatically patch your source files. If you expect automated in-place changes, this will not do that as-is. Before running: (1) review logger.js (it reads every file under the target path) and run it only on a project copy or in a sandboxed repo to avoid scanning unintended files; (2) if you need automated edits, either implement a safe write/patch step yourself or verify the tool that will apply the snippets; (3) confirm node is installed and run the CLI with an explicit path (e.g., ./src) rather than root/~/; (4) because the tool reads your codebase, don't run it on directories containing secrets or system configs. If you want the tool to actually insert logging automatically, ask the author for an implementation that writes changes and includes safeguards (backups, dry-run, and clear patching behavior).

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Bins: node
