Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Fusion Workflow Hub
v1.0.0融合 Graphify 知识图谱 + Everything Claude Code (ECC) 工作流 + OpenClaw 的超级效率中心。 Use when: 用户想要快速理解代码库结构、执行规划/审查/TDD 等标准化工作流、结合知识图谱进行深度代码分析、一站式解决复杂编程任务,或整合多个工具能力提升效率。...
⭐ 0· 52·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name and description (codebase analysis + ECC workflows) align with the runtime instructions (invoke Graphify to build/query a knowledge graph and call ECC workflows). However the package provenance is unclear (no homepage/source) despite claims of popular third-party projects; the skill asserts integration with large projects but provides no authoritative links, which reduces trustworthiness.
Instruction Scope
SKILL.md only instructs running Graphify commands, reading local output files (GRAPH_REPORT.md, graphify-out/graph.html), and invoking other ECC/OpenClaw skills via 'use_skill' or '/use' commands. It does not ask the agent to read unrelated system files, environment variables, or transmit data to unknown external endpoints. The instructions are narrowly scoped to code analysis workflows.
Install Mechanism
There is no formal install spec, but SKILL.md directs the user to 'pip install graphifyy' and optional deps. Asking users/agents to pip-install an unverified package is a moderate risk: PyPI packages run arbitrary install-time code and the repository/source for 'graphifyy' is not provided. There is also a minor inconsistency: commands run as 'python -m graphify' while the package name is 'graphifyy'—this could be legitimate (different package/module name) or a typo/fork, but it increases the risk and should be verified before installing.
Credentials
The skill declares no required environment variables, secrets, or config paths. It only references local output files produced by Graphify. There is no disproportionate credential request in the metadata or SKILL.md.
Persistence & Privilege
The skill does not request persistent/always-on presence and does not modify other skills or system-wide settings. Autonomous invocation is enabled by default (not flagged by itself) and is consistent with how the skill expects to call other ECC/OpenClaw skills.
What to consider before installing
This skill appears to be a wrapper that coordinates Graphify (a code-graph tool) and ECC workflows; that is coherent, but exercise caution before installing or running anything it instructs. Verify the provenance of the referenced packages and projects: find the official Graphify and ECC repositories or PyPI pages (the SKILL references 'pip install graphifyy' but provides no link). Confirm whether 'graphifyy' is the intended package or a typo/fork. Avoid running 'pip install' on unknown packages without reviewing their source code and publisher. Also check that the other ECC/OpenClaw skills it invokes (tdd-workflow, code-review, etc.) actually exist in your agent environment—otherwise the skill may fail or attempt unexpected fallbacks. If you cannot verify upstream sources, treat the skill as untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk97a9r6mrgep94ekwgpqtsk4th84hbf6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.