ClawHub

Csrf

v1.0.0

Csrf reference tool. Use when working with csrf in devtools contexts.

0· 79·0 current·0 all-time
by@bytesagain1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (CSRF reference tool) matches the included files and commands: SKILL.md directs the agent to run the local scripts/script.sh which prints documentation and guides. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Runtime instructions only call the local scripts/script.sh with simple subcommands; the script only emits static documentation. SKILL.md text refers in places to 'required tools and access credentials' as generic docs, but the skill does not actually require or access any credentials or system state.
Install Mechanism
No install spec is present and no external downloads or package installs are performed. The skill is instruction-only with one bundled script, minimizing install surface.
Credentials
The skill declares no required environment variables, no credentials, and the script does not read env vars or config paths. There are no disproportionate secret or config requests.
Persistence & Privilege
always is false and the skill does not request persistent installation, modify other skills, or change system-wide configuration. It simply prints help text from a local script.
Assessment
This skill is a local documentation/cheatsheet tool implemented as a shell script and appears safe to install. Before running any third-party script, you should: (1) review the bundled script (already done here — it only prints text), (2) confirm you trust the publisher, and (3) be aware that the SKILL.md contains generic references to 'required tools and access credentials' purely as documentation — the skill itself does not use or request credentials or network access. Note: show_help contains a minor bug where $VERSION is in a single-quoted heredoc and will print literally; this is a harmless correctness issue, not a security problem.

Like a lobster shell, security has layers — review code before you run it.

latestvk9783tw0fsgcnhdwke6ytwjr2583ex4y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments