ClawHub

Side Hustle Analyst

v0.1.0

Tracks and executes daily steps in a 28-day AI agent side hustle workflow, managing state, logging outcomes, and enforcing approval gates.

0· 68·1 current·1 all-time
byTony Simons@asimons81
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description describe a 28-day execution/tracking workflow and the instructions only require reading a canonical state file and writing logs/summaries—these are proportionate and expected for this purpose.
Instruction Scope
SKILL.md explicitly reads state/course-state.json and writes to output/experiment-log/ and output/daily-summaries/. It does not reference other system files, network endpoints, or unrelated environment variables. Caution: because paths are relative, running the skill from an unexpected working directory could read or overwrite files outside an intended workspace—run in a dedicated directory or container and inspect course-state.json before first run.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk by an installer. This is the lowest-risk installation model.
Credentials
No environment variables, binaries, credentials, or config paths are requested beyond the state and output files described in SKILL.md. That matches the skill's functionality.
Persistence & Privilege
The skill maintains persistent state via files in the working directory (course-state.json and output/...). It does not set always:true and defaults to requiring invocation/approval. Ensure the agent's approval prompts cannot be bypassed and that the runtime's file permissions restrict access to only the intended workspace.
Scan Findings in Context
[no-findings] expected: The regex-based scanner had no code to analyze because this is an instruction-only skill; that is expected. Review the SKILL.md instructions directly (done above).
Assessment
This skill appears coherent with its description, but before installing: (1) run it from a dedicated workspace or container so its reads/writes don't affect other files; (2) open and review state/course-state.json to confirm it doesn't contain surprising data; (3) confirm the agent will prompt for and require operator approval (especially for any spend) and that approvals cannot be auto-bypassed; (4) back up any important files in the chosen workspace, and restrict file permissions so the skill cannot overwrite unrelated data.

Like a lobster shell, security has layers — review code before you run it.

analyticsvk97211d3qa6644a4w3j8jqz4nh83xxxwhustlevk97211d3qa6644a4w3j8jqz4nh83xxxwlatestvk97211d3qa6644a4w3j8jqz4nh83xxxwpersonavk97211d3qa6644a4w3j8jqz4nh83xxxw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments