ClawHub

Source Trace Builder

v1.0.0

为分析稿建立引用索引和原始出处映射,区分一手与二手来源。;use for sources, citations, research workflows;do not use for 编造文献出处, 替代正式文献管理软件.

0· 94·0 current·0 all-time
byvx:17605205782@52yuanchangxing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, resources/spec.json, README, and the included scripts/run.py are all aligned: the tool ingests citation text, drafts or directories and produces structured Markdown reports and audits. Required binary (python3) is appropriate and minimal.
Instruction Scope
SKILL.md restricts behavior to read-only, review-first outputs and suggests running the bundled script. The script itself only reads local files and writes local output; it contains code to make structured reports, directory audits, CSV audits, pattern scans, and skill audits. Caution: if invoked with a directory (or a broad path), the script will recursively read many file types (md, py, js, json, csv, sh, etc.), so avoid pointing it at large or sensitive directories unless you intend that scan.
Install Mechanism
No install spec; instruction-only skill with an included local Python script. No downloads, no external package installation, and no extract-from-URL behavior are present.
Credentials
No environment variables, credentials, or config paths are required. The script reads local files only and contains patterns to detect secrets, but it does not attempt to access remote endpoints or request unrelated credentials.
Persistence & Privilege
The skill does not request persistent or elevated platform privileges (always:false). It does not modify other skills or system-wide configuration. Its only write behavior is optional local output file generation (or stdout) when run with --output and not in --dry-run mode.
Assessment
This skill appears coherent and local-only, but take these precautions before running: - Review scripts/run.py yourself (it's included) to confirm behavior matches your expectations. The code is readable and uses only standard library operations. - When testing, run in a safe/isolated directory and use --dry-run or supply a specific input file rather than a broad path (do not point --input at your home directory or repositories with secrets). - Use the provided tests/smoke-test.md to validate outputs before feeding sensitive documents. - If you plan to let an agent execute the script autonomously, restrict the input paths the agent may use to avoid unintended disclosure of unrelated files. - If you need network-enriched verification of sources, note this skill intentionally avoids external lookups; that behavior is by design but may limit verification quality.

Like a lobster shell, security has layers — review code before you run it.

latestvk974wzee9666ttsphc5hmrp22x839myd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧷 Clawdis
OSmacOS · Linux · Windows
Binspython3

Comments