ClawHub

Consolidation

v1.0.0

Freight consolidation reference — LCL groupage, milk runs, cross-docking, and shipment merging strategies. Use when optimizing shipping costs, planning conso...

0· 95·0 current·0 all-time
by@bytesagain3
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, SKILL.md commands, and the included scripts/script.sh all align: this is a reference/CLI wrapper that prints consolidation guidance. There are no unrelated required env vars or binaries declared.
Instruction Scope
SKILL.md instructs the agent to run local commands of the form `scripts/script.sh <command>`. The visible parts of the script only produce documentation text. The instructions are narrowly scoped (explicit commands) and do not ask the agent to read arbitrary system files, exfiltrate data, or call external endpoints. NOTE: the provided script content was truncated in the review; the remainder should be checked for any file writes, network calls, or credential access.
Install Mechanism
There is no install spec; this is instruction-only plus a bundled script. No remote downloads or package installs are requested, so installation risk is low.
Credentials
The skill declares no required environment variables or credentials. SKILL.md documents an optional CONSOLIDATION_DIR (~/.consolidation/) which is reasonable for a tool that might store local data. No other environment or secret access is requested in the metadata or visible instructions.
Persistence & Privilege
The skill does not request permanent inclusion (always: false) and does not declare elevated privileges. Autonomous model invocation is allowed (platform default) but is not combined with other concerning privileges here.
Assessment
This skill appears to be a harmless local reference that prints freight consolidation guidance. Before installing or running it: 1) inspect the full scripts/script.sh (the provided excerpt was truncated) for any network commands (curl, wget, nc, scp, ssh), file-modifying commands (rm, mv, dd), or calls that reference other system paths or credentials; 2) verify it doesn't write sensitive data into your home directory or other system locations (check for mkdir, >, tee, chmod, chown, etc.); 3) run it in a restricted environment (container or non-privileged user) if you want to test it first; and 4) if you plan to rely on it in production, confirm the author/source (bytesagain.com / GitHub repo) and consider pinning to a known commit. If you provide the remainder of scripts/script.sh, I can re-check for any network/capability concerns and raise the confidence level.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fkkqxeynzp22skytc7ne2hs83btq9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments