ByteRover
You MUST use this for gathering contexts before any work. This is a Knowledge management for AI agents. Use `brv` to store and retrieve project patterns, dec...
SKILL.md
text/markdown · 13101 字节
Security Scan
状态
suspicious
OpenClaw
gpt-5-mini
OpenClaw 分析
The skill's purpose and instructions are coherent for a local knowledge-management helper, but it directs installing an external npm CLI and implies sending project data to a default remote LLM provider with no clear disclosure or provenance — which could expose project files or secrets.
置信度: medium
VirusTotal
Type: OpenClaw Skill Name: byterover Version: 3.1.0 The skill bundle promotes the use of an external CLI tool (`byterover-cli`) and a third-party service (byterover.dev) for 'AI knowledge management.' It instructs the agent to send project context and source files to a remote LLM provider that requires no API key by default, which poses a significant data exfiltration risk. While the documentation claims data is only sent to servers during a `vc push`, the `query` and `curate` commands rely on a cloud-based LLM provider, creating a contradiction regarding data privacy. The forceful instructions in `SKILL.md` requiring the agent to use the tool 'before any work' increase the risk of sensitive project data being uploaded to an unverified third-party service.