ClawHub

DocClaw

v1.0.3

DocClaw is a documentation skill for OpenClaw that combines live docs search, direct markdown fetch, and offline local-doc fallback.

7· 1k·5 current·5 all-time
byLegendary@vibecodooor
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the provided artifacts: scripts implement live docs index refresh, markdown fetch, and local-doc discovery. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs using the openclaw docs CLI and the shipped Python scripts. The runtime instructions limit network targets to docs.openclaw.ai, forbid passing full URLs to fetch, and explicitly treat fetched docs as untrusted. Instructions do not ask the agent to read unrelated system files or exfiltrate data.
Install Mechanism
No install spec is provided (instruction-only with bundled scripts). All code is included in the skill bundle; no external downloads or archive extraction are performed during install.
Credentials
The skill declares no required environment variables, credentials, or config paths. The scripts read and write only within the skill directory and user home paths for local-doc discovery; no secrets or unrelated env vars are requested or accessed.
Persistence & Privilege
always is false and the skill is user-invocable. The skill does write cache and index files under its own references directory when run, which is expected for an indexing/fetching tool. It does not modify other skills or system-wide agent settings.
Assessment
DocClaw appears coherent and limited to fetching and indexing docs from docs.openclaw.ai and searching local doc directories. Before installing/running: - Note that the scripts perform network requests to docs.openclaw.ai and will write index/cache files under the skill directory (references/). If you need isolation, run them in a sandbox or ephemeral environment. - The code enforces a trusted-host guard and rejects off-domain URLs, but remote content is still treated as untrusted; follow the SKILL.md advice to verify behavior with `openclaw <cmd> --help` when accuracy matters. - The included smoke_test spawns subprocesses and requires python3; do not run smoke_test as root (the script already checks this). Reviewing the referenced index JSON before fetching is a good precaution. - There are no requested secrets or unusual privileges. If you require higher assurance, you can review the references/ directory and run the scripts manually in a controlled environment before enabling autonomous invocation.

Like a lobster shell, security has layers — review code before you run it.

docsvk971raxbhgc4p8mfxdph1q30mx81aamtlatestvk979yfrzk7hx7bhzs87rccnap181cwgqopenclawvk971raxbhgc4p8mfxdph1q30mx81aamt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments