ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GitHub Code Analyzer

v1.0.0

Clone and analyze GitHub project code quality using DeepSeek AI

0· 210·0 current·0 all-time
by@woaim65
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's stated purpose—cloning GitHub repos and analyzing them with DeepSeek—is consistent with the implementation: it clones a repo, samples source files, and sends them to an external AI endpoint for analysis. However, the code contains a hard-coded API key constant (ARK_API_KEY) while the registry metadata declares no required credentials or env vars, which is an incoherence (either the key should be supplied externally or not embedded).
!
Instruction Scope
SKILL.md describes analyzing public GitHub repos, which aligns with behavior, but the implementation will: (1) run `git clone` by interpolating the repo URL into a shell command (exec) — this is vulnerable to shell injection if inputs are not sanitized; (2) read and POST sampled source code and project structure to a remote API (ark.cn-beijing.volces.com). The README does not warn that repository contents will be transmitted to that external endpoint, nor does it discuss private repo handling or data retention.
Install Mechanism
There is no install spec (instruction-only/inline code), yet the package includes index.js that depends on axios and Node runtime. The registry declares no required binaries or dependencies. This mismatch is a packaging/operational concern (it may fail at runtime if the agent environment lacks Node/axios) but not an immediate indication of malicious intent.
!
Credentials
The skill declares no required environment variables or credentials, yet the source contains a hard-coded ARK_API_KEY value and sends repository content to an external service. This is inconsistent and risky: secrets embedded in code are poor practice, and sending code to a remote service should be explicitly declared/justified (and should normally require the operator to supply an API key via env var).
Persistence & Privilege
The skill is not always-enabled and does not request system-wide persistence. It creates a temporary directory to clone repositories and attempts to clean it up. There is no evidence it modifies other skills or system configs.
What to consider before installing
What to consider before installing: - This skill will clone the repository you give it and send sampled source files and a project structure to a remote API at ark.cn-beijing.volces.com. If the repo contains sensitive code, secrets, or private info, that data will be transmitted off-host. The SKILL.md does not warn about this. - The code contains a hard-coded API key constant. Embedded keys are dangerous and unexpected; ask the publisher why this key is present and insist on supplying credentials via environment variables instead. - The repo URL is interpolated directly into a shell command using child_process.exec, which can be exploited by specially crafted inputs (shell injection). Only pass trusted, well-formed GitHub URLs, or request the author replace exec with a safer method (e.g., execFile or a git library with argument escaping). - There is no install spec or declared dependencies; confirm the runtime environment will have Node and axios, or request a proper package manifest. - If you need this functionality but want to limit risk: run it in an isolated/sandboxed environment, use only public repositories you control, or request source changes (remove hard-coded key, add explicit env var for API key, sanitize inputs, and document data handling and retention). If you cannot verify the publisher or obtain a clean, dependency-declared package that removes the hard-coded key and addresses input sanitization and explicit data-sharing policies, treat this skill as risky and avoid installing it.
index.js:66
Shell command execution detected (child_process).
!
index.js:103
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f2xa07wpr9c0cst56cdq4jd8329kp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments