ClawHub

Omni Tool

v2.0.0

The all-in-one tool to boost your productivity ⌨️ omni-tool, javascript, bookmark, bookmarks, bookmarks-manager, chrome.

0· 106·0 current·0 all-time
by@bytesagain3
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim an offline, bash-based bookmarks/productivity utility and the included script implements a local bash tool that reads/writes only to ~/.local/share/omni-tool. There are no extra binaries, credentials, or unrelated capabilities requested.
Instruction Scope
Runtime instructions and the script are narrowly scoped to logging, searching, exporting, and reporting from local log files. Notable: it persistently stores all inputs in plain-text logs and can export them; the JSON export does not escape values and may produce invalid JSON for inputs containing quotes/newlines. This is a privacy/data-quality concern (not evidence of malicious intent).
Install Mechanism
No install spec — instruction-only skill with a bundled bash script. Nothing is downloaded from external URLs and no archive extraction or package install occurs.
Credentials
The skill requests no environment variables or credentials. It only uses HOME to build a data directory, which is proportional to a local CLI tool that stores user logs.
Persistence & Privilege
The tool writes files under the user's home (~/.local/share/omni-tool). This is typical for CLI utilities but means sensitive inputs will be stored on disk; the skill does not request elevated or cross-skill privileges and 'always' is false.
Assessment
This skill appears to be what it says: an offline bash CLI that stores plain-text logs in ~/.local/share/omni-tool. Before installing or running it, review the script (already bundled) and consider: 1) avoid logging secrets or sensitive data because entries are stored in plain text and included in exports; 2) check file permissions on the data directory; 3) be aware the JSON export does not escape values properly and may be invalid for complex inputs; and 4) run it in a sandboxed account if you want to limit risk. If you need the project to handle secrets or structured exports safely, request fixes (escape/JSON-encode values, add optional encryption or a configurable data path).

Like a lobster shell, security has layers — review code before you run it.

latestvk97a2a2jd33ajc83kjp72sdvw1836jjg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments