Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Technical Insight
v1.0.1选型结论出来后,对最终选定的方案做深度技术拆解——内部架构分析、核心机制、竞争壁垒、风险点。不是介绍文章那种表面描述,是真的去拆它怎么运作。工作流包含:架构拆解、机制分析、壁垒识别、风险评估、演进预测、深度报告。
⭐ 0· 64·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill's files (code-analysis, diagram generators, workflows) align with the stated goal of deep architecture analysis and diagram generation. However, the manifest declares no required environment variables or credentials while the README/DEVELOPMENT_PLAN/SKILL.md and code reference a Tavily API key and expect config files (e.g., ~/.openclaw/.env, ~/.config/tech-insight/tavily_key). This mismatch between declared requirements and actual usage is inconsistent and unexplained.
Instruction Scope
Runtime instructions and code perform network operations (git clone of arbitrary repo URLs), read and write to user filesystem locations (~/.openclaw/workspace, /tmp, and other absolute paths), and invoke other local skill scripts. The SKILL.md and scripts also 'force invoke' other skills (ppt-generator, source-to-architecture). These behaviors expand scope beyond purely in-chat analysis and may access/retain local data; they are reasonable for a code-analysis skill but need explicit declaration and user consent.
Install Mechanism
There is no external download/install spec (instruction-only plus bundled scripts). The code calls standard tools (git, plantuml, python, PIL). No remote installers or obscure URLs are used in the provided files. However, the code expects other local tool/scripts (e.g., a source-to-architecture script at /home/Vincent/...) which is an implicit dependency and a potential integrity risk if not present or if replaced.
Credentials
The package manifest claims no required env vars/credentials, but the docs and code expect a Tavily API key and specific config paths. The skill writes to user home directories and uses absolute paths (including /home/Vincent/...), which is disproportionate without explicit declaration. It does not request cloud or unrelated secrets, but the undeclared Tavily credential and hard-coded paths are a mismatch and a potential secret/config leak risk.
Persistence & Privilege
The skill will create output directories under ~/.openclaw/workspace/tech-insight and write reports/diagrams there — this is expected for a generator. It does not request 'always: true'. However, it invokes other local skills and hard-coded local script paths, which could allow cross-skill access to local code/data; this increases blast radius if those other skills or scripts are malicious or compromised.
What to consider before installing
What to check before installing/using this skill:
- Missing declared credentials: The repo and docs reference a Tavily API key and config files (e.g., ~/.openclaw/.env or ~/.config/tech-insight/tavily_key) but the skill metadata lists no required environment variables — clarify and provide only a scoped API key if needed.
- Filesystem writes and clones: The skill clones arbitrary Git repositories (git clone) and writes analysis output under ~/.openclaw/workspace and /tmp. Run it only with repositories you trust, or in an isolated sandbox/container to avoid unintended data exposure.
- Hard-coded absolute paths: Several scripts call a script at /home/Vincent/.openclaw/... and use hard-coded paths. Ask the author to remove user-specific hard-coded paths or explain why they are present. Hard-coded paths may fail or cause it to execute unexpected local code.
- Cross-skill calls: The workflow force-invokes other skills/tools (ppt-generator, source-to-architecture). Verify what those invoked skills do and whether you trust their code; the invocation chain can access local data and increase risk.
- Execution of external programs: The code calls subprocesses (git, plantuml, other python scripts). Review those subprocess calls and ensure they don't execute untrusted code from cloned repositories. Prefer running in a sandbox.
- Code review & provenance: Because the skill bundles executable scripts, review the full source before enabling. Confirm there are no hidden network endpoints, credential exfiltration, or exec/call sites that run arbitrary code from cloned repos.
If you plan to use it:
- Run it first in a disposable VM or container with no sensitive credentials mounted.
- Provide only the minimum necessary API keys and restrict them (scopes/IP if possible).
- Ask the maintainer to fix manifest inconsistencies (declare required env vars), remove/parameterize hard-coded paths, and document all implicit dependencies (other skills/scripts and required binaries). If the author cannot justify these items, treat the package as higher risk.Like a lobster shell, security has layers — review code before you run it.
latestvk975pky0g09mrgck7gnx4xdq9n83pggg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔍 Clawdis