ClawHub

Security Suite

v2.0.1

Reference tool for devtools — covers intro, quickstart, patterns and more. Quick lookup for Security Suite concepts, best practices, and implementation patte...

0· 103·0 current·0 all-time
byBytesAgain2@ckchzh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (reference/devtools security docs) match the included behavior: SKILL.md promises plain-text reference output and the bundled scripts emit static heredoc documentation. There are no unrelated environment variables, binaries, or network requirements. Minor nit: SKILL.md metadata shows version 2.0.1 while the script sets VERSION="2.0.0" — this is an implementation/versioning inconsistency but not a security concern.
Instruction Scope
The runtime instructions and the script stay within scope: all commands print static documentation via heredocs. The script does not read files, inspect environment variables, perform network calls, or transmit data elsewhere. The show_help heredoc is single-quoted so it prints the literal string '$VERSION' (user-facing bug), but this does not expand or leak secrets.
Install Mechanism
There is no install specification (instruction-only skill with an included script). No downloads, package installs, or extract steps are present. The only shipped code is a standalone shell script which is readable and does not perform risky actions.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The script likewise does not access environment variables or credentials. The lack of requested secrets is proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-on and does not request persistent privileges or modify other skills or system-wide agent settings. It is user-invocable and can be run on demand, which is appropriate for a reference tool.
Assessment
This skill appears to be a simple local reference tool and is coherent with its description: it prints static docs and does not access the network or require credentials. If you plan to install or run it, review the bundled scripts locally (they are short and readable) and verify the output matches your expectations. Note the small issues: the script's VERSION value (2.0.0) differs from the SKILL metadata (2.0.1), and the help text uses a single-quoted heredoc so it will display the literal "$VERSION" instead of the numeric version — these are benign implementation bugs, not security problems. As always, only enable skills you trust and review included code if you require a higher assurance level.

Like a lobster shell, security has layers — review code before you run it.

latestvk979d7pcxzqwav263s6ny1s4y583hazb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments