ClawHub

Rec. Letter Assistant

v1.0.0

Helps faculty and mentors draft standardized recommendation letters for.

0· 50·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the included code and reference material: a small Python script produces letter drafts and guidance docs support letter-writing. Nothing in the package requests unrelated cloud credentials, system access, or binaries.
Instruction Scope
SKILL.md instructs running scripts/main.py and mentions validating inputs, file IO protections, and a CONFIG block; the actual script is simple (accepts a CLI name, builds text, prints JSON) and does not read external files, network resources, or environment variables. This is a minor documentation vs implementation mismatch (the doc suggests more file/config handling than the code performs).
Install Mechanism
No install spec and only a small Python script are included. There are no downloads, package installs, or extract steps. Risk from installation is minimal.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The code also does not access env vars or secrets. Credential scope is proportional to the stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent/system-wide changes. It does not modify other skills or agent settings.
Assessment
This package is small and internally coherent, but before installing or using it: 1) review scripts/main.py locally and run it in a sandboxed environment to confirm behavior; 2) avoid pasting sensitive applicant data into untrusted environments—test with dummy names first; 3) note the SKILL.md mentions CONFIG blocks and file IO protections that the script doesn't implement, so if you plan to extend the skill to read/write real files, add proper path validation and sandboxing; 4) if you rely on this in production, consider pinning Python package versions and adding input validation/logging to avoid accidental disclosure.

Like a lobster shell, security has layers — review code before you run it.

latestvk978b6zj9r1nryjmcrh3pf4p5583zgp7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments