Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nm Abstract Rules Eval

v1.8.3

Evaluate and validate Claude Code rules in .claude/rules/ directories. Use for frontmatter, glob patterns, and quality audits.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description align with the declared behavior: validating YAML frontmatter, glob patterns, content quality, and organization for files under .claude/rules/. The single required config path (night-market.skills-eval) is plausible for a Night Market plugin.
Instruction Scope (flagged)
SKILL.md instructs scanning local .claude/rules/ files, checking symlinks, token/verbosity analysis, and references a 'Rules Validator' at scripts/rules_validator.py. No such script or executable is included in the manifest (the skill is instruction-only). That missing dependency is an incoherence: either the instructions assume external tooling that must exist in the agent environment, or the package is incomplete. The SKILL.md also lists a slightly different version (1.8.2) than the registry (1.8.3).
Install Mechanism
Instruction-only skill with no install spec or downloads — lowest install risk. Because there is no installer, any external tooling the instructions reference must already be present on the agent, which is not guaranteed.
Credentials
No environment variables or credentials requested. The single required config path (night-market.skills-eval) is plausible for a plugin framework; nothing appears to request unrelated secrets or system credentials.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent presence or modifications to other skills. Autonomous invocation is allowed (platform default) but is not combined with broad privileges here.
What to consider before installing
This skill appears to do what it says (validate rule files under .claude/rules/), but the runtime instructions refer to a 'scripts/rules_validator.py' tool that is not included in the skill bundle. Before installing or relying on this skill, confirm with the author or provider whether you need to: 1) install an external validator script or package into the agent environment, or 2) update the skill bundle to include that script. Also note the SKILL.md version differs from the registry version (minor but worth confirming). Because the skill scans your repository files and symlinks, only use it in environments where you trust the skill and ensure it cannot exfiltrate data (there are no external endpoints declared in the skill files, but missing tooling could change behavior). If you need to proceed: request the missing script or a clear runtime prerequisite list, run the skill in a sandboxed environment first, and verify what files it reads and whether it makes any network calls.

Runtime requirements

🦞 Clawdis
Config: night-market.skills-eval
