ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Encode

Encode - command-line tool for everyday use

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 45 · 0 current installs · 0 all-time installs
by@bytesagain3
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md advertises an 'Encoder toolkit' (base64, URL encoding, HTML entities, format conversion), but the visible script primarily implements a local logging/utility command dispatcher (check/validate/generate/format/lint/convert/etc.) and storage/export of log entries. This is not necessarily malicious, but there's a mismatch between the marketing (explicit encoder functions) and the visible implementation.
Instruction Scope
The runtime instructions and the script operate only on a local data directory (~/.local/share/encode/): creating directories, appending log files, searching, exporting, and reporting status. No external network calls or credentials are referenced in the visible parts. Minor concerns: exported JSON and CSV are constructed without escaping field contents (could produce malformed exports or unexpected content), and grep/search accepts user-supplied patterns (potentially surprising regex behavior). Also, the provided script content was truncated in the review, so additional behavior may exist beyond the visible portion.
Install Mechanism
No install spec; this is instruction-only with an included shell script. That is low-risk compared to downloading and executing remote binaries. The script would be written or invoked locally if the agent uses it, but no download URLs or third-party package installs are present.
Credentials
The skill declares no required environment variables or credentials. It optionally honors ENCODE_DIR to change the data directory; otherwise it uses a directory under the user's home. This is proportionate to a local CLI utility that stores data locally.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and only writes to its own data directory under the user's home. It therefore does not request elevated or system-wide persistence or privileges.
What to consider before installing
What to consider before installing: - The tool stores and writes data locally to ~/.local/share/encode/ and will create log files there; if you run it, expect local files to be created and appended. - No credentials or network endpoints are visible in the provided content, which is good, but the script content supplied to the scanner was truncated. Ask for (or inspect) the full script to confirm there are no hidden network calls or other unexpected behavior. - The SKILL.md promises explicit encoding functions (base64, URL encoding, HTML entities) that are not obviously implemented in the visible portion; verify the code implements the features you expect before relying on it. - Minor technical issues: export produces JSON/CSV by concatenating fields without robust escaping (may produce malformed files if values contain quotes/newlines), and search uses user-provided patterns (regexes) which can behave unexpectedly. - If you plan to use this, run it in a restricted environment (non-privileged account or sandbox) first, inspect the full script for network calls and file-system operations, and review exported files before sharing them.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.2
Download zip
latestvk973gydfvh7kt6k0tzd7bg2r1h831x4e

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Encode

Encoder toolkit — base64, URL encoding, HTML entities, and format conversion.

Commands

CommandDescription
encode helpShow usage info
encode runRun main task
encode statusCheck state
encode listList items
encode add <item>Add item
encode export <fmt>Export data

Usage

encode help
encode run
encode status

Examples

encode help
encode run
encode export json

Output

Results go to stdout. Save with encode run > output.txt.

Configuration

Set ENCODE_DIR to change data directory. Default: ~/.local/share/encode/

Powered by BytesAgain | bytesagain.com Feedback & Feature Requests: https://bytesagain.com/feedback

Features

  • Simple command-line interface for quick access
  • Local data storage with JSON/CSV export
  • History tracking and activity logs
  • Search across all entries
  • Status monitoring and health checks
  • No external dependencies required

Quick Start

# Check status
encode status

# View help and available commands
encode help

# View statistics
encode stats

# Export your data
encode export json

How It Works

Encode stores all data locally in ~/.local/share/encode/. Each command logs activity with timestamps for full traceability. Use stats to see a summary, or export to back up your data in JSON, CSV, or plain text format.

Support

Powered by BytesAgain | bytesagain.com

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…