ClawHub

Nightly Build

v1.1.0

Automates nightly maintenance tasks like skill audits, updates, cleanup, and health checks, then summarizes a morning report.

0· 837·6 current·7 all-time
by@0xraini
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/README indicate nightly maintenance and reporting. The code performs system checks, npm audit, git status checks, and log cleanup inside a workspace -- all consistent with that purpose. Minor mismatch: SKILL.md mentions 'Auto-Update: Pull latest changes from git repos' but the provided scripts only check git status/remote update and do not perform automatic 'git pull' or forced updates.
Instruction Scope
SKILL.md asks the agent to schedule and run maintenance tasks; the scripts follow that scope. The scripts run shell commands (git, npm audit, df, uptime, vm_stat), read the workspace/skills/memory directories, delete .log files older than 7 days in the memory directory, and write a nightly report. These actions are within the stated task set, but they will read repository files (package.json, SKILL.md) and run npm audit (which may contact the network) and remove logs in MEMORY_DIR — so the agent will surface filesystem and command output to whoever reads the report.
Install Mechanism
Instruction-only with two script files; no install spec and no external download. Lowest-risk install mechanism.
Credentials
No required environment variables or credentials. Scripts optionally honor WORKSPACE_DIR which is reasonable. No requests for unrelated secrets or config paths.
Persistence & Privilege
always is false and the skill does not request elevated system persistence. It writes reports and logs to the workspace memory directory and may delete old logs there — this is consistent with a cleanup task. It does not modify other skills' configs.
Assessment
This skill will read your workspace and the skills/ and memory/ directories, run system/git/npm commands, remove .log files older than 7 days in the memory directory, and write a nightly-report.md there. Before installing: 1) Confirm WORKSPACE_DIR will point to the intended project (or set it explicitly). 2) Ensure there are no secrets or sensitive files in the workspace/skills directories you don't want read or included in reports. 3) If you rely on logs, back them up since the skill deletes old .log files in MEMORY_DIR. 4) Test a manual run first (nightly run) to inspect the report output and network activity (npm audit and git remote update can contact external services). The small mismatch between the SKILL.md 'auto-update' wording and the scripts (which only check status) is likely benign but worth noting.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bqa6zw7hjethnz5gzmdh0v180x54a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments