ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Laizy

v0.3.0

Orchestrate repo-native, supervised software delivery with the Laizy CLI. Use when a user wants to bootstrap or continue a multi-step coding run with explici...

0· 80·0 current·0 all-time
by@xiaolonggao521
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the requirements: the skill delegates to a 'laizy' CLI, and the install record creates a 'laizy' binary from the GitHub npm package. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md is limited to supervising Laizy CLI workflows (start-run, supervisor-tick), reading local run artifacts, steering planner/implementer workers, and running verification commands emitted by Laizy. This is appropriate for a control-plane tool, but be aware the instructions explicitly tell the agent to run verification commands and to perform repository actions (commit/push) as directed by Laizy output — so trust in the laizy binary and review emitted artifacts before executing actions that modify or push repo state.
Install Mechanism
Install is a node package pulled from GitHub (package: github:XiaolongGao521/Laizy) which creates a 'laizy' binary. This is expected for a CLI distributed via npm/GitHub, but installing code from a third-party GitHub repo is a moderate-risk operation compared to instruction-only skills. Verify the upstream project before installing.
Credentials
No environment variables, credentials, or config paths are required by the skill. Repo push/commit behavior will use existing user git credentials, which is consistent with the tool's purpose.
Persistence & Privilege
Skill does not request always:true, does not declare system-wide config modifications, and is user-invocable. It does not demand persistent privileges beyond the installed CLI binary.
Assessment
This skill is a control-plane wrapper around an external CLI (laizy). Before installing or running: 1) Inspect and trust the upstream GitHub repo (XiaolongGao521/Laizy) because the npm install will run third-party code. 2) When supervising runs, review any generated 'supervisor' artifacts and the verification commands before executing them — the skill explicitly instructs the agent to run emitted commands and to commit/push; those actions can change your repo. 3) No extra credentials are requested by the skill itself, but repository push operations will use your existing git credentials, so ensure your environment is secure. If you want lower risk, run Laizy manually in an isolated environment or audit the package source before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk973pnt6abgmerp5ved2fqpcqs83vwnr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🪄 Clawdis
Binslaizy

Install

Install Laizy CLI from GitHub (npm)
Bins: laizy
npm i -g github:XiaolongGao521/Laizy

Comments