Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

java-code-review

v1.0.0

Java code quality assurance skill. Used for code review before branch merges in GitLab projects. Supports: (1) reviewing the code changes of a specified project when merging from branch A into branch B; (2) code quality checks across the five dimensions Security/Performance/Correctness/Maintainability/Testing; (3...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The skill claims to perform GitLab-based Java code reviews (compare commits, generate reports, and optionally merge). That purpose legitimately requires access to a GitLab API token and knowledge of a GitLab host. However, the package metadata declares no required environment variables or primary credential, while the SKILL.md explicitly describes using PRIVATE-TOKEN / Authorization headers and a default GitLab URL. The checklist also contains organization-specific constraints (package name prefix cn.ctg.travel.{project}) which are not generic to all users — this reduces portability and suggests the skill was written for a specific org.
! Instruction Scope
The runtime instructions direct the agent to call GitLab APIs (compare, commit diffs, create merge requests, or directly commit merges), save CR reports to task/codereview/{date}/, and read a token 'from TOOLS.md or user specified'. Those actions include network requests to a GitLab host and writing local report files. The instructions do not limit where tokens are read from (mentions TOOLS.md) and do not declare precise env/config requirements, creating ambiguity about what the agent will access at runtime.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute. No downloads or extracted archives are present, which lowers install-time risk.
! Credentials
The skill needs a GitLab access token with API permissions to read diffs and perform merges, but the registry metadata lists no required environment variables or primary credential. The SKILL.md suggests tokens may be obtained from 'TOOLS.md' or provided by the user — this mismatch is consequential: a user may unknowingly supply a high-privilege token or the agent may try to read local token files. No other unrelated credentials are requested, but the absence of an explicit declared credential is misleading.
Persistence & Privilege
always:false and user-invocable:true (default) — normal. The skill writes reports to a local task/codereview directory per its instructions; that is expected behavior for a reporting tool but the skill does not declare config paths. It does not request persistent platform privileges or alteration of other skills.
What to consider before installing
This skill implements a reasonable GitLab-based Java code-review workflow, but it omits declaring the GitLab credential it requires and includes company-specific rules. Before installing or running it: (1) confirm where the GitLab token should come from (do not put a high-privilege token in a shared file); prefer creating a least-privilege PAT that can read repositories and create/accept merge requests only if you intend to allow merges; (2) confirm the GitLab host (the SKILL.md uses https://git.xxx.com by default) and update it if needed; (3) review and accept the organization-specific checks (package-name enforcement, ORM rules) or edit them out; (4) verify where CR reports will be stored and whether that directory is acceptable for sensitive info (reports may include file diffs and authors); (5) test the skill in a sandbox project with a limited token so you can observe behavior (including network calls and file writes) before using it with production credentials. If you want greater assurance, ask the publisher to explicitly declare required env vars/credentials and to confirm that the agent will only read tokens from a documented, user-approved location.


latest: vk97cbgpw8f05h3bhnec02p5rnd83jb2t

