ClawHub

Rating

v2.0.0

Rating - command-line tool for everyday use Use when you need rating.

0· 175·0 current·0 all-time
byBytesAgain2@ckchzh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe a local rating CLI and the included script implements many rating-related commands that match that purpose. No unrelated credentials, binaries, or network access are requested.
!
Instruction Scope
SKILL.md says you can set RATING_DIR to change the data directory, but the shipped script ignores RATING_DIR and hardcodes DATA_DIR to ${HOME}/.local/share/rating. The documentation/behavior mismatch is not a security issue but is inconsistent and could confuse users about where data is stored.
Install Mechanism
There is no install spec (instruction-only), but a script (scripts/script.sh) is included. The skill claims a 'rating' CLI but provides no automatic installation into PATH — the script will create and use files under the user's home if executed, but nothing is downloaded or installed automatically.
Credentials
No required environment variables or credentials are declared or used. The script writes only to a subdirectory of the user's home (~/.local/share/rating) and reads/writes only those files; this is proportional to its stated function.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide agent settings, and only creates its own data directory under the user's home. It has no elevated persistence or cross-skill privileges.
Scan Findings in Context
[pre-scan-none] expected: Static pre-scan reported no injection signals. The script is local, contains no network endpoints or secret-handling, and this is expected for a simple local utility.
Assessment
This skill appears to be a harmless local CLI tool that will create ~/.local/share/rating and write log and export files there. Before installing or running it, review scripts/script.sh (already included) to confirm you are comfortable with it writing to your home directory. Note: the README mentions RATING_DIR but the script ignores that variable — if you need a different data location, either edit the script or move it into a wrapper that sets DATA_DIR. No credentials or network calls are required, but only run it if you trust the bytesagain.com source.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ca4v61w84c3psd5pzfhn7x18325e5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments