ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dep Radar

v2.3.0

Dependency breaking-change radar. Use this skill when the user wants to check for breaking changes, outdated dependencies, upgrade risks, or migration issues...

0· 48·0 current·0 all-time
byTarun Khatri@tarun-khatri
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the actual code: the package contains a full Python tool that parses dependency files, queries registries, scans the codebase, and searches community sources. However, the registry metadata presented earlier claimed 'No install spec' and 'Required env vars: none / required config paths: none', while files (agents/openai.yaml, README.md, SKILL.md, scripts) clearly reference an install script, optional API keys, and config paths (~/.config/depradar/.env and .claude/depradar.env). That mismatch between the declared metadata and the repository contents is an inconsistency to be aware of (likely a packaging/metadata error, not necessarily malicious).
!
Instruction Scope
SKILL.md instructs the agent to locate and run scripts/depradar.py, scan the user's project files, read config at ~/.config/depradar/.env and .claude/depradar.env, and optionally auto-save reports to ~/Documents/DepRadar/. Those behaviors are expected for this tool, but they do involve reading local files and home-directory configuration. Also SKILL.md contains a detected prompt-injection token (see scan findings). The instructions provide broad discretion (search multiple registries and community sources) and reference multiple local paths — so you should only run it in projects you trust or inside an isolated environment if you are unsure.
Install Mechanism
No remote download URLs are present in the visible files; installation is performed via the included scripts/sync.sh that copies the skill into a local skills directory. README and agents/openai.yaml describe running bash scripts/sync.sh which may optionally run npm install for an optional JS AST parser. This is lower risk than arbitrary remote downloads, but you should inspect sync.sh before execution to confirm it doesn't fetch unexpected remote assets or change unexpected system state.
!
Credentials
The tool references API keys (GITHUB_TOKEN, SCRAPECREATORS_API_KEY, XAI_API_KEY, STACKOVERFLOW_API_KEY) and config files for optional features (community scraping, higher rate limits, Twitter/X integration). Those credentials are proportionate to the described community-signal features. However, the top-level metadata presented earlier claimed 'no required env vars' while several files and the install manifest expect or recommend keys and config files — an inconsistency. Only provide tokens if you understand and accept the specific integrations; prefer minimal scopes (e.g., GitHub token with minimal read-only rate-enhancing scopes).
Persistence & Privilege
The skill does not request 'always: true', does not modify other skills, and its hook is a benign SessionStart check that prints a tip if GITHUB_TOKEN is missing (the hook always exits 0). Install is local to the user's skills directory. No elevated persistence or system-wide modification was found in the provided files.
Scan Findings in Context
[ignore-previous-instructions] unexpected: The string/pattern 'ignore-previous-instructions' was detected in SKILL.md (prompt-injection pattern). It looks like a prompt/template artifact intended to influence agent instruction-following. It does not, by itself, indicate data exfiltration, but it's a red flag to review the skill's instructions and any embedded prompts carefully before allowing autonomous agent invocation.
What to consider before installing
What to do before installing or running this skill: - Inspect sync.sh and scripts/depradar.py yourself (they're included). Look for any network calls, external downloads, or unexpected shell commands before running the installer. The repo copies files into your home skills directory — verify it does what you expect. - Start in demo/mock mode: run depradar with --mock or run the script in a disposable container/VM to see behavior without network access or touching real config. - Do not supply high-privilege secrets blindly. If you provide a GitHub token, give the minimum scope needed (prefer a read-only token) and understand it increases the skill's GitHub API rate limit capabilities. Only add SCRAPECREATORS/XAI/STACKOVERFLOW keys if you trust the service and have reviewed how those keys are used. - Because SKILL.md contains a detected prompt-injection marker, be cautious about giving the skill autonomous invocation in an agent that can call it without review. Prefer manual invocation until you've inspected files. - If you plan to use it in CI, run it in an isolated build step and audit output; use --no-community or --no-scan flags to limit external scraping or code scanning until you're comfortable. If you want, I can: (1) show the contents of scripts/sync.sh and scripts/depradar.py for a targeted review, (2) point out exactly where env/config paths are read, or (3) produce a short checklist of items to search for in the code before running it.

Like a lobster shell, security has layers — review code before you run it.

breaking-changesvk97f3yc70wfnw9tzpc3zcvbj5d83sacmcargovk97f3yc70wfnw9tzpc3zcvbj5d83sacmdependenciesvk97f3yc70wfnw9tzpc3zcvbj5d83sacmdeveloper-toolsvk97f3yc70wfnw9tzpc3zcvbj5d83sacmlatestvk97f3yc70wfnw9tzpc3zcvbj5d83sacmmavenvk97f3yc70wfnw9tzpc3zcvbj5d83sacmnpmvk97f3yc70wfnw9tzpc3zcvbj5d83sacmpypivk97f3yc70wfnw9tzpc3zcvbj5d83sacmsemvervk97f3yc70wfnw9tzpc3zcvbj5d83sacm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments