Security scan
OpenClaw
Suspicious
high confidence
Assessment and recommendation
Do not install this skill expecting working CodeCC/Git scanning — the package is incomplete. Ask the publisher for: (1) full SKILL.md with concrete runtime steps showing how it authenticates to CodeCC/Git and what tokens/permissions are required; (2) a source or homepage and code files or an install spec; and (3) explicit list of required env vars and scopes. If you need a scanner now, prefer a skill that documents required credentials and shows how it calls official APIs (e.g., api.codecc or yo...
⚠ Purpose and capability
Name/description say this integrates with CodeCC and Git repos to run scans and SCA, but the skill requests no credentials, binaries, config paths, or install steps — nothing that would allow access to repositories or CodeCC APIs. This is not coherent with the stated purpose.
⚠ Instruction scope
SKILL.md contains only placeholder markdown (two headings, a couple of list items). There are no runtime instructions on how to trigger scans, authenticate to CodeCC or Git, or where to send results. The instructions do not implement the described functionality.
✓ Install mechanism
No install spec and no code files — lowest install risk. Because nothing is downloaded or written to disk, the install surface is minimal.
⚠ Credential requirements
Given the claimed functionality, one would expect required environment variables or credentials (Git service token, CodeCC API key, SCA registry credentials). The skill asks for none, which is disproportionate and suggests missing or incomplete configuration.
✓ Persistence and privileges
Default flags (always:false, autonomous invocation allowed) are normal. The skill does not request persistent presence or modify other skills or system settings.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.1 2026/4/8
● Harmless
Install command
Official: npx clawhub@latest install code-scan-test2
Mirror (accelerated): npx clawhub@latest install code-scan-test2 --registry https://cn.longxiaskill.com