ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cap Table

v1.0.0

Cap table management and modeling for startups. Tracks equity分配, option pools, investor ownership, and dilution scenarios. Essential for fundraising.

0· 52·1 current·1 all-time
by@1477009639zw-blip·duplicate of @1477009639zw-blip/betacaptable
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims comprehensive cap table modeling (vesting, dilution, reports, multiple actions) but the bundle only contains a small Python script (cap.py) that prints a simple three-line summary. The required binary (python3) is coherent, but the actual code does not implement the advertised capabilities.
!
Instruction Scope
SKILL.md instructs using a different CLI (captable.py) and several --action flags (summary, dilute, pool, etc.). cap.py does not accept those options; it only accepts --founders, --employees, --investors. This mismatch means the runtime instructions and the shipped code are out of sync. There are no instructions that attempt to read unrelated files or env vars.
Install Mechanism
No install spec and only a single small Python file are included. Nothing is downloaded or extracted, which reduces installation risk.
Credentials
The skill declares no required environment variables, secrets, or config paths. The code does not access env vars or external services.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent or elevated platform privileges.
What to consider before installing
Do not trust this skill as a full cap‑table manager in its current form. The README (SKILL.md) and usage examples reference a different CLI and many features that the included cap.py does not implement. If you need this functionality, ask the author for: (1) corrected SKILL.md that matches the shipped files, (2) the actual implementation of the advertised actions, and (3) a clear changelog or source repo. Because the code is small and local it poses low direct risk (no network calls or secret access), but running mismatched/unknown scripts can still produce incorrect financial results — review and test in a sandbox before relying on outputs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97czdq305da2f2h8xfsr91h9s83tjrz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis
Binspython3

Comments