Oathe Security Badge

Is alirezarezvani/codebase-onboarding safe?

https://clawhub.ai/alirezarezvani/codebase-onboarding

96
SAFE

This is a legitimate codebase onboarding documentation generator that helps create comprehensive README files and developer guides. No malicious behavior detected during installation or in skill content. All security canaries remain intact.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (2)

INFO ClawHub API Communication -5

During installation, the skill makes an HTTPS request to clawhub.ai API endpoint to verify skill metadata. This is expected behavior for skill installation.

LOW Potential Sensitive Context Misuse -5

The skill suggests running filesystem exploration commands that could potentially expose sensitive information if used inappropriately on confidential codebases. However, this is within the skill's stated purpose and would require user action.