Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Roo Code
v1.0.0
Roo Code AI programming assistant, proficient in AI agents inside VS Code, multi-mode switching, and MCP integration
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes a VS Code extension agent that performs file I/O, runs shell commands, and integrates MCP tools — that purpose is plausible. However, the skill bundle is instruction-only (no code, no install spec) and declares no required env vars or binaries even though the instructions show use of VS Code, npx, and environment tokens (e.g., GITHUB_TOKEN). Also the suggested extension id (RooVeterinaryInc.roo-cline) does not obviously match the skill name, which is a minor mismatch.
Instruction Scope
The runtime instructions encourage actions with broad scope: editing project files (.roomodes), reading .vscode/mcp.json, running npx to spawn MCP servers, and executing shell commands. Those capabilities can read and transmit project contents or run arbitrary packages. The SKILL.md also shows env interpolation (e.g., ${env:GITHUB_TOKEN}) even though no credentials are declared, which is a scope/authority gap.
Install Mechanism
There is no formal install spec (lowest platform install risk). However, the instructions tell users to install a VS Code extension via the marketplace and to run 'npx -y' to fetch MCP packages at runtime — both will pull third-party code from registries when used and could introduce risk depending on the package source.
Credentials
The skill's declared metadata requests no env vars, yet the documentation explicitly demonstrates using credentials (GITHUB_TOKEN, API keys for OpenAI/Anthropic/etc.). This mismatch is concerning: the skill expects or suggests secrets will be used, but does not declare or justify them in the metadata, increasing the chance of accidental credential exposure if users follow examples without understanding implications.
Persistence & Privilege
The skill is not forced always-on and is user-invocable; autonomous model invocation is enabled but that's the platform default. The skill does not request persistent platform privileges in its manifest.
What to consider before installing
This skill describes a powerful VS Code AI agent but is provided only as instructions (no code) and contains a few mismatches. Before installing or following its examples: (1) verify the extension’s publisher and extension id in the official VS Code Marketplace rather than running the shown CLI blindly, (2) never paste or provision secrets (GITHUB_TOKEN, OpenAI keys, etc.) unless you trust the publisher and understand what will access them, (3) be cautious about running npx commands that fetch packages at runtime—prefer pinned, official package releases, (4) review any .roomodes or .vscode/mcp.json files in a safe environment to see what external tools/APIs are being invoked, and (5) if you want to try it, test in an isolated project or VM with no sensitive data. The inconsistencies here are not proof of malice but do warrant caution.
Like a lobster shell, security has layers — review code before you run it.
latest vk979s4ntq8qqj6qskpnkr0nay183dtvf
