Policy
v2.0.3Reference tool for business — covers intro, quickstart, patterns and more. Quick lookup for Policy concepts, best practices, and implementation patterns.
⭐ 0· 171·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (policy reference material) match what the package contains: static reference text and a small launcher script. No credentials, network access, or unrelated binaries are requested.
Instruction Scope
SKILL.md explicitly states the tool emits plain-text heredocs with no external API calls. The included script only prints static content and does not read environment variables or make network calls. Minor scope issues: SKILL.md header/version is 2.0.3 while the script sets VERSION=2.0.2, and the help/heredoc quoting means one help string will literally show "$VERSION" instead of the numeric version. The cheatsheet references a 'troubleshooting' command while the actual script uses 'debugging' — these are correctness/usability issues but not scope creep or exfiltration.
Install Mechanism
No install spec present; this is effectively instruction-only with a small bundled script. Nothing is downloaded or written to disk by an install step, so install risk is minimal.
Credentials
The skill declares no required environment variables, credentials, or config paths. The script does not access environment variables or external secrets. Requested privileges are proportionate to the stated purpose.
Persistence & Privilege
Skill is not marked always:true, does not request permanent presence, and does not modify other skills or global agent settings. Default autonomous invocation is allowed but is normal for skills and not combined with other red flags here.
Assessment
This skill appears to be a benign, offline reference that outputs static documentation. Before installing, note a few minor correctness issues: the package registry version (2.0.3) doesn't match the script's VERSION (2.0.2), one help heredoc is quoted so it will print "$VERSION" literally, and the cheatsheet references a 'troubleshooting' command while the script provides 'debugging'. None of these are security issues, but they can cause confusion. If you want extra assurance, inspect/run scripts locally in a sandbox (e.g., open the script content or run it in a disposable shell) to confirm there are no network calls and the output meets your needs.Like a lobster shell, security has layers — review code before you run it.
latestvk97aj4m82w8s2k81brn5cmjae183h92h
License
MIT-0
Free to use, modify, and redistribute. No attribution required.