ClawHub

Wordcraft

v2.0.3

Reference tool for devtools — covers intro, quickstart, patterns and more. Quick lookup for Wordcraft concepts, best practices, and implementation patterns.

0· 111·0 current·0 all-time
by@bytesagain3
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (reference for devtools) matches the delivered behavior: static reference content served via heredocs. Minor inconsistency: registry metadata version is 2.0.3 while the script sets VERSION="2.0.2" in its header — a bookkeeping mismatch but not a functional or security concern.
Instruction Scope
SKILL.md explicitly states there are no external API calls or credentials required; scripts/script.sh implements only local heredoc outputs for each command and does not read files, access environment secrets, or make network calls. One small note: some quickstart text generically mentions 'access credentials' as part of a generic prereq checklist, but the skill itself does not request or use any credentials.
Install Mechanism
No install spec is provided (instruction-only), lowering risk. There is a single benign shell script included; nothing is downloaded or extracted and no install-time actions are declared.
Credentials
The skill declares no required environment variables, and the script does not read or require secrets or external credentials. It only performs simple argument parsing and prints static text.
Persistence & Privilege
always is false and the skill does not request persistent system presence or modify other skills/config. disable-model-invocation is default (false), meaning the agent could call it autonomously — this is normal and acceptable given the skill's limited scope and lack of sensitive access.
Assessment
This skill is low-risk: it only prints built-in reference text and asks for no credentials or installs. Before installing, you can inspect scripts/script.sh (already included) to confirm there are no network calls or file reads. Note the minor version mismatch between the package metadata (2.0.3) and the script (VERSION="2.0.2"); this is likely just a bookkeeping issue. Because the agent may invoke skills autonomously by default, consider whether you want to allow autonomous invocation platform-wide, but the skill itself does not require elevated privileges or secrets.

Like a lobster shell, security has layers — review code before you run it.

latestvk972jcb2a9psmafpbdcbdt62wx83h7mj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments