Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
README Sync
v1.0.0在每次代码查询/修改工作开始前按需读取README.md了解项目状态,工作结束后按需更新README。触发场景:(1)用户询问项目相关问题(如"并发数是多少?"),(2)需要进行代码查询或修改时。读取时无需确认;写入README或代码时必须先确认。支持跨平台(Claude Code、OpenClaw、Trae、C...
⭐ 1· 35·0 current·0 all-time
by@zyqfxy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description, SKILL.md, README.md and the included Python script all align: this skill is intended to read, scan, and update README.md and to cache pending update items. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
SKILL.md repeatedly states that writes to README or code require user confirmation and that reads do not. The shipped script, however, will: (1) add pending items immediately (add_pending writes .readme_pending.json without confirmation), and (2) sync_to_readme writes README.md directly (no interactive confirmation in sync_to_readme). This is a direct mismatch between declared runtime policy and actual file operations. The script also scans the repository (iterates directories and lists code files) which is expected for the purpose but means it will access repo structure and up to 20 code file paths.
Install Mechanism
Instruction-only skill with a small Python utility included. No installers, downloads, or external packages are requested. No extracted archives or remote code installs were declared.
Credentials
The skill requests no environment variables, no credentials, and no config paths. File access is limited to the project tree (README.md and a dotfile .readme_pending.json), which is proportional to the documented functionality.
Persistence & Privilege
The skill is not force-enabled (always: false) and asks no special permissions, but it will write to repository files (.readme_pending.json and README.md). Because autonomous invocation is permitted by default on the platform, the mismatch (SKILL.md says writes require confirmation while the code performs writes without prompting) increases the risk of unintentional or unattended modifications. The skill does not modify other skills or system-wide settings.
What to consider before installing
This skill appears to do what it says (read/scan/update README), but there is a meaningful inconsistency: the documentation promises user confirmation before any write, yet the included script performs writes without prompting (adding pending items and the sync operation). Before installing or enabling it for autonomous use, consider:
- Review the full scripts locally. Search for functions named sync, add, auto-init and confirm whether they prompt before writing. In particular, patch sync_to_readme to require explicit user confirmation if you expect interactive approval.
- Test the tool in a disposable repository (backup your README first). Verify behavior of add, pending, sync, init, and auto-init commands.
- If you plan to allow autonomous agent invocation, disable autonomous use until you can ensure writes are always gated by an explicit user prompt. Alternatively, restrict the skill to user-invoked only.
- Note the skill creates a .readme_pending.json file in the project root; review that file for any cached content you may not want committed.
- There is a truncated/possibly buggy section in the provided script (a partial token like "item.name.star" appears in the package listing). Verify the script runs correctly and fix any bugs before use.
If the author updates the code so that all write actions prompt for explicit confirmation (or documents clearly which commands are non-interactive), the current concerns would be resolved.Like a lobster shell, security has layers — review code before you run it.
latestvk978avpj2nwgyxwn9kkdcfjq7984vjk0
License
MIT-0
Free to use, modify, and redistribute. No attribution required.