ClawHub

aicade galaxy create app skill

v1.0.0

Build general aicade application prompts by taking the user's base prompt plus the platform additions from the bundled 3.1 workflow reference, then assemblin...

0· 47·0 current·0 all-time
by@aicadegalaxy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and included files (prompt builder script, templates, and references) align with a tool that assembles an aicade-ready prompt. Required binary is only 'node' and no unrelated credentials or services are requested.
Instruction Scope
SKILL.md restricts behavior to collecting user prompt inputs, reading bundled reference files, and running the local Node script to output a combined prompt. One caution: the script reads the JSON file path supplied via --spec (resolved from process.cwd()), so if a user points it at a sensitive local file the script will parse and include its contents — this is expected for a prompt builder but worth noting as a potential data-exposure risk if mishandled.
Install Mechanism
Instruction-only skill with no install spec; it includes a local Node script and assets. No external downloads or arbitrary install steps are present.
Credentials
The skill declares no required environment variables or credentials. The docs reference AICADE_API_KEY / AICADE_API_SECRET_KEY / AICADE_API_APP_NO as platform-specific variables the user would obtain separately, but the skill does not require or request them to run.
Persistence & Privilege
always is false and disable-model-invocation is true (no autonomous model calls). The skill does not modify other skills or system-wide settings and does not request permanent presence or elevated privileges.
Assessment
This skill appears to do what it says: it runs a local Node script that reads a user-supplied JSON spec and prints an assembled prompt. Before using it: (1) ensure you run the script locally (it reads files relative to your working directory) and only pass a spec file you intend to share; do not point --spec at secrets or system files. (2) The README mentions AICADE_* env vars as platform credentials — only obtain and provide those from the official platform if you need to integrate with Aicade. (3) No network calls or uploads are present in the included files, but treat generated prompts as potentially sensitive if you paste them into external services. (4) Verify Node is from a trusted source on your machine and inspect the included script if you have any additional security concerns.

Like a lobster shell, security has layers — review code before you run it.

latestvk972vzm0hwm5d2p8benp1gk09x83rned

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🕹️ Clawdis
Binsnode

Comments