ClawHub

Cto Advisor

v2.1.1

Technical leadership guidance for engineering teams, architecture decisions, and technology strategy. Use when assessing technical debt, scaling engineering...

5· 2.5k·17 current·17 all-time
byAlireza Rezvani@alirezarezvani
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (CTO/advisory, tech-debt assessment, team scaling, architecture guidance) match the provided assets: rich reference docs and two Python tools (tech_debt_analyzer.py, team_scaling_calculator.py). There are no unrelated requirements (no cloud credentials, no unusual binaries).
Instruction Scope
SKILL.md instructs running the included Python scripts and reviewing bundled reference documents. The instructions do not ask the agent to read unrelated system files, access external endpoints, or exfiltrate secrets. The scripts (as shown) perform local calculations and produce JSON/report outputs.
Install Mechanism
There is no install spec (instruction-only skill with bundled scripts). No external downloads, package installs, or archive extraction are declared. Risk surface is limited to executing local Python scripts.
Credentials
The skill requires no environment variables, credentials, or config paths. The declared primary credential is none. Required access is proportionate: running analysis tools and reading included reference files.
Persistence & Privilege
The skill does not request persistent or elevated platform privileges; always is false and it is user-invocable. It does not modify other skills or system-wide settings according to metadata and SKILL.md.
Assessment
This skill is internally coherent for CTO/advisory tasks, but exercise normal caution before executing third‑party code: (1) inspect the two Python scripts fully to confirm there are no unexpected network calls, subprocess executions, or file system writes beyond intended report outputs; (2) run them in a sandbox or isolated environment (or with a dedicated Python virtualenv) the first time; (3) verify any generated reports before sharing; and (4) note the package has no homepage and an unknown source — treat it like unvetted community content until you vet the author and code.

Like a lobster shell, security has layers — review code before you run it.

latestvk973x0bxtsf5tw0x80gf06bens82jg3s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments