ClawHub

Infra Importer

v2.0.1

Reference tool for devtools — covers intro, quickstart, patterns and more. Quick lookup for Infra Importer concepts, best practices, and implementation patte...

0· 113·0 current·0 all-time
by@bytesagain3
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description indicate a local reference tool. The SKILL.md and the included scripts provide only static reference text and help output; no external services, binaries, or credentials are required. The small mismatch in reported version (registry 2.0.1 vs script VERSION=2.0.0) is an editorial inconsistency but not a security concern.
Instruction Scope
SKILL.md explicitly states all commands output plain-text via heredoc with no network access; the script implements those commands and does not call external endpoints or read environment variables. Minor mismatches: the cheatsheet text mentions a 'troubleshooting' entry that isn't a separate command in the script, and help text uses an unexpanded $VERSION in a single-quoted heredoc—these are documentation/implementation inconsistencies, not evidence of malicious behavior.
Install Mechanism
No install spec is provided (instruction-only with a small helper script). No downloads or archive extraction; nothing is written to disk by an installer. Risk is limited to executing the included script locally if you choose to run it.
Credentials
The skill declares no required environment variables, credentials, or config paths, and the script does not read or export secrets. There is no disproportionate credential request.
Persistence & Privilege
always:false and user-invocable:true (normal). The skill does not attempt to modify other skills, system-wide agent settings, or persist configuration. Running the script executes with the invoking user's permissions (normal for local tools).
Assessment
This skill appears to be a simple, self-contained reference tool and does not request credentials or perform network calls. The included Bash script prints documentation; if you run it locally it will execute with your user permissions (as any script would). Before running any shipped script, you may: (1) quickly inspect the file (it is readable and short), (2) run it in a restricted environment or container if you prefer, and (3) be aware that the version string in the script differs from the registry metadata (likely a harmless packaging/doc mismatch).

Like a lobster shell, security has layers — review code before you run it.

latestvk9756dgtrmr5sqc4e54wy6zvch83hj0v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments