ClawHub

Nm Parseltongue Python Packaging

v1.0.0

Python package creation and distribution: pyproject.toml, entry points, PyPI publishing, CI/CD

0· 31·1 current·1 all-time
by@athola
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Python packaging, pyproject, entry points, CI/CD) matches the actual content: documentation and examples for uv, pyproject.toml, entry points, and GitHub Actions. No unrelated binaries or credentials are requested.
Instruction Scope
SKILL.md contains step-by-step commands and CI examples (uv init, uv build, uv publish, pytest, GitHub Actions) that stay within packaging/publishing scope. It does not instruct reading unrelated host files or accessing unrelated environment variables. CI examples reference standard secrets (PYPI_TOKEN) only in the context of publishing.
Install Mechanism
There is no install spec and no code files to install or execute. This is instruction-only, so nothing is written to disk or downloaded by the skill itself.
Credentials
The skill declares no required environment variables or config paths. The documentation shows using a PyPI/GitHub secret in CI (PYPI_TOKEN / UV_PUBLISH_TOKEN) which is appropriate and expected for publishing workflows; no unrelated secrets (AWS, SSH, etc.) are requested.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill does not request persistent presence or modify other skills or system settings.
Assessment
This skill is a documentation-only helper for Python packaging using the 'uv' tool and GitHub Actions. It does not itself install code or ask for credentials, but the commands it recommends (eg. uv publish, pushing git tags, CI workflows using PYPI_TOKEN) will perform network actions if you run them. Before executing any publish/build commands or adding its CI snippets to a repo: (1) confirm you trust the 'uv' tool and the referenced CI actions (astral-sh/setup-uv), (2) never paste your PyPI or other tokens into an untrusted agent — use GitHub secrets for CI, and (3) review any generated CI workflow or publish commands so they don't automatically publish or push tags you don't intend. If you want stricter control, keep this skill instruction-only and run the commands yourself rather than allowing autonomous execution.

Like a lobster shell, security has layers — review code before you run it.

latestvk975n68x88wg5atbp4w8572cf584vn2c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦞 Clawdis

Comments