ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Context Onboarding

v1.0.1

Provide new contributors and agents with a concise tour of the workspace identity files (SOUL.md, USER.md, AGENTS.md, TOOLS.md) plus onboarding tips. Use when a newcomer needs context or when you want to double-check how this workspace is configured.

0· 1.6k·2 current·3 all-time
by@crimsondevil333333
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the delivered files: a small script and tests that summarize SOUL.md, USER.md, AGENTS.md, TOOLS.md. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
SKILL.md instructs the agent to run a local Python CLI that reads user-specified files and a workspace path. That behavior is consistent with onboarding. Note: some documentation examples reference a 'skills/context-onboarding/...' path while the shipped script lives at 'scripts/context_onboarding.py' — a documentation/path inconsistency (not a security problem). Also, because the CLI accepts arbitrary --workspace and --files, it will read any files you point it to; this is expected but means you should avoid pointing it at directories with secrets.
Install Mechanism
No install spec is provided (instruction-only plus small Python script). Nothing is downloaded or written to disk by an installer.
Credentials
No environment variables, credentials, or config paths are requested. The script only reads files you explicitly pass or the default identity docs.
Persistence & Privilege
The skill does not request permanent presence (always:false) and contains no code that modifies agent/system configs. Autonomous invocation is allowed by default but not combined with any other elevated privileges.
Assessment
This is a small, coherent tool for summarizing workspace identity docs. Before running it: (1) note the minor documentation path mismatch (the script is at scripts/context_onboarding.py); (2) avoid pointing --workspace or --files at directories containing secrets or private keys — the tool will read whatever files you give it and print their contents; (3) review the short script if you want assurance it doesn't transmit data (it doesn't); and (4) run tests in a sandboxed environment if you are uncertain.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e7wg6ywkvfbzh90tcaq90rs80j5en

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments