ClawHub

Secret Sealer

v2.0.1

Reference tool for devtools — covers intro, quickstart, patterns and more. Quick lookup for Secret Sealer concepts, best practices, and implementation patterns.

0· 106·0 current·0 all-time
by@bytesagain3
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description promise a reference for Secret Sealer and the provided assets (SKILL.md + a small shell script that prints documentation) match that purpose. There is a minor metadata inconsistency: registry version is 2.0.1 while the script's VERSION is 2.0.0 and the help text uses a literal $VERSION due to quoting — this looks like a minor packaging bug, not malicious behavior.
Instruction Scope
SKILL.md explicitly states commands output heredoc text with no external API calls. The shipped script only emits embedded documentation and does not read arbitrary files, access environment variables, perform network I/O, or transmit data. The script does not prompt for or require credentials.
Install Mechanism
There is no install spec (instruction-only skill) and the only included executable is a small bash script. Nothing is downloaded or extracted at install time.
Credentials
The skill declares no required environment variables, no credentials, and the runtime code does not reference env vars or secret files. No disproportionate credential requests are present.
Persistence & Privilege
The skill is not set to always: true and does not request persistent system configuration or modify other skills. Default autonomous invocation is allowed (platform default) but the skill itself has no elevated privileges or persistent behaviors.
Assessment
This skill appears to be a safe, local documentation helper that only prints static text. Before installing, you can: (1) review the script contents yourself (it is included and short), (2) verify the project/homepage if you need provenance, and (3) run it in a sandbox or non-privileged environment if you prefer. The only oddities are a small version-string mismatch (script shows v2.0.0 while registry lists v2.0.1) and a harmless quoting issue in the help output — neither affects safety but may indicate the package wasn't fully synchronized.

Like a lobster shell, security has layers — review code before you run it.

latestvk977tbvd5eybkk1dtyfhk0nvts83hh3z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments