Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ByteRover

v2.1.0

You MUST use this for gathering contexts before any work. This is a Knowledge management for AI agents. Use `brv` to store and retrieve project patterns, dec...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (knowledge management for AI agents) lines up with the SKILL.md: it uses a brv CLI and stores human-readable Markdown under .brv/context-tree. The skill does not request unrelated credentials or config paths. However, the skill claims a default 'ByteRover' LLM provider (no API key) which implies remote LLM usage; that capability should be clearly justified given the claimed local storage focus.
Instruction Scope
SKILL.md instructs the agent to run brv query/curate and to read up to 5 project-scoped files (via -f). That is mostly scoped to the project. However, the doc contains contradictory statements about data flow: it says 'No authentication needed' and elsewhere 'No data is sent to ByteRover servers unless you explicitly run brv push' while also saying query/curate use a configured LLM provider (default: ByteRover). This ambiguity affects whether project contents will be sent to a remote service when using query/curate. The file-access limits are explicit, which is good, but the ambiguous network/data-flow instruction is a meaningful scope creep risk.
Install Mechanism
The skill bundle has no install spec (instruction-only), but the SKILL.md tells users/agents to run 'npm install -g byterover-cli'. Installing a global npm package pulls code from the npm registry and may run install scripts — a moderate-risk action. The skill provides no source/homepage or provenance for that package in metadata, increasing the risk.
Credentials
The skill declares no required environment variables or credentials. Optional workflows do instruct connecting other LLM providers (OpenAI, Anthropic) which legitimately require API keys; those are optional and proportional. Still, the 'default: ByteRover, no API key needed' claim and lack of provider hosting details are concerning from a privacy perspective.
Persistence & Privilege
The skill does not request always:true and does not demand system-wide config changes. It writes to the project-scoped .brv/context-tree directory (expected for a knowledge manager). Cloud sync (brv push/pull) is opt-in and requires explicit login per the docs — but confirm actual behavior before using.
What to consider before installing
This skill appears to be a local knowledge manager that uses a 'brv' CLI, but there are two things you should verify before installing or using it:
1) Provenance and package safety: SKILL.md tells you to run 'npm install -g byterover-cli' but the registry metadata lists no source or homepage. Before installing globally, inspect the byterover-cli package on the npm registry and review its repository and postinstall scripts (or prefer installing in an isolated environment or container). If you can't find an official source or repo, avoid installing.
2) Data-exfiltration / privacy ambiguity: The doc claims a default ByteRover LLM provider (no API key) yet also states 'No data is sent to ByteRover servers unless you explicitly run brv push.' Those statements contradict each other: running 'brv query'/'brv curate' may send project files or queries to whichever LLM provider is configured. Confirm the provider's implementation (local vs remote) and whether queries/curations are sent over the network. If you will store sensitive code or secrets, either a) configure a known local LLM provider or a trusted provider with clear privacy terms, or b) avoid using query/curate for sensitive content.
Operational recommendations: only curate non-sensitive info, add .brv/context-tree to your review/gitignore policy as appropriate, limit -f file selections, test network traffic in a sandbox, and require a verifiable package homepage/repo before global installation. If you need more confidence, ask the author/package for source code or a trusted release link and re-run the evaluation with that information.

Like a lobster shell, security has layers — review code before you run it.
