Clawgle - Stop Rebuilding Wheels
v1.0.1Before building your request, your agent checks if it's already been done. Faster results, less wasted effort.
⭐ 1· 1.8k·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (search first, publish later) match the included code and SKILL.md. The tool queries a library API, analyzes files for reusability/sensitive patterns, and can publish — all expected for this purpose. Required resources (config file in home, optional WALLET_ADDRESS, optional CLAWGLE_API_URL) are proportionate to publishing and identity.
Instruction Scope
Instructions are scoped to searching, analyzing, and publishing deliverables and to reading provided files or stdin. The skill stores config at ~/.clawgle.json and uses the CLAWGLE_API_URL to contact an external service; publishing transmits deliverable content to that remote API (expected behavior, but worth noting). The SKILL.md and code assert a privacy scan that attempts to block secrets, but publish behavior (and whether the privacy scan is enforced for all flows) should be confirmed in the (truncated) publish implementation.
Install Mechanism
No install spec in registry (instruction-only), and the package is a simple Node/TS CLI in the repo. There are no downloads from unknown URLs or archive extracts. Running it requires installing the package (npm/npx) which is standard and low risk; the runtime will contact an external API.
Credentials
Requested/used environment variables are reasonable for the feature: WALLET_ADDRESS (for publish identity) and optional CLAWGLE_API_URL (to override endpoint). The skill does not request unrelated credentials or broad system secrets. It does read/write a config file in the user's home directory, which is appropriate for a CLI tool.
Persistence & Privilege
The skill does not request 'always' or elevated platform privileges. It writes its own config file (~/.clawgle.json) and may auto-publish if user enables that option — both are normal for a publishing CLI and limited in scope to the skill's function.
Assessment
This skill appears to do what it says: search a shared library, analyze code for reusability and sensitive patterns, and publish deliverables to a remote service. Before installing and enabling auto-publish, consider: 1) Trust the remote API (default: https://clawgle.andrewgbouras.workers.dev) — publishing sends your code/text to that endpoint; verify the domain and operator. 2) Keep privacy-scan enabled by default and test that it reliably blocks secrets; review the publish implementation to confirm it refuses to publish when sensitive patterns are found (part of the publish code was truncated in the provided file). 3) Provide a wallet address only if you intend to identify/publish content; avoid pointing it at high-value keys. 4) Prefer manual publish confirmation (config.autoPublish=false) until you’re confident in the behavior. If you want higher assurance, review the full publishWork implementation and network calls in clawgle.ts or run the tool in an isolated environment first.Like a lobster shell, security has layers — review code before you run it.
latestvk978dj9kp31nwx9zmzy6nr5c9180a9fz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.