ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wasm Spa Autofix React Imports

v0.1.0

Meticulously detect and fix missing React/TSX imports, undefined components, and bundler runtime errors in the WASM SPA build/preview pipeline. Ensures JSX c...

0· 464·0 current·0 all-time
byTippy Entertainment@tippyentertainment
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (auto-fix React imports in a WASM SPA preview pipeline) matches the declared inputs (projectRoot, filePath, fileContents, bundlerLogs, knownLibraries) and the described behavior (search codebase, infer missing imports, produce patches). No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
The SKILL.md explicitly instructs the agent to read additional project files (barrel files, tsconfig, sibling components) and to edit files (imports, entry file, tsconfig) when needed. That is coherent for the stated purpose, but it means the agent will inspect and modify arbitrary project files under the provided projectRoot — review patches before applying and prefer dryRun for review.
Install Mechanism
Instruction-only skill with no install spec or code files. No downloads or external package installs are requested, so there is no install-time risk.
Credentials
The skill requires no environment variables, credentials, or config paths beyond the project path inputs. Requested access is proportional to locating imports and making source edits.
Persistence & Privilege
The skill does not request permanent presence (always:false) or system-wide config changes. It may modify project files within the provided projectRoot, which is expected behavior for a code-fixing tool.
Assessment
This skill appears to do exactly what it says: read the project (under the projectRoot you supply), detect missing/incorrect imports, and propose or apply patches. To reduce risk: run first with dryRun:true and review unified diffs before applying; supply a specific projectRoot that limits file access (not system root); avoid giving it access to repositories containing secrets; confirm patches to build/config files (tsconfig, entry file) manually if you’re unsure; and only enable autonomous invocation if you trust the runtime to make safe edits. If you need higher assurance, request a copy of the exact patch output before applying or run the fixes inside an isolated CI job/repository clone.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bxy3acyp528eqk12c0j6dm581p89b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments