ClawHub

Agent Ops Framework

v8.0.0

AI agent operations reference — multi-agent architectures, ReAct and chain-of-thought patterns, tool-use conventions, prompt injection defense, and evaluatio...

0· 415·1 current·1 all-time
bybytesagain4@xueyetianya
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (agent operations reference) match the included SKILL.md and the helper script which only emits reference text. No unrelated binaries, env vars, or credentials are requested.
Instruction Scope
SKILL.md contains only documentation commands and states there are no external API calls or credentials required. The included script.sh just prints heredoc documentation and does not read files, environment variables, or network endpoints.
Install Mechanism
No install spec (instruction-only), which is low risk. There is a code file (scripts/script.sh) included but no installation or download steps; review before executing but inclusion alone is not inconsistent with the stated purpose.
Credentials
The skill declares no required env vars, no primary credential, and the documentation explicitly states no API keys are needed. There are no unexplained credential requests.
Persistence & Privilege
always is false (no forced presence) and the skill does not request elevated privileges or modify other skills' configuration.
Scan Findings in Context
[ignore-previous-instructions] expected: The SKILL.md discusses prompt-injection attacks and explicitly quotes examples such as 'Ignore all previous instructions...'. The detector flagged that pattern, but its presence is part of the security documentation rather than an attempt to manipulate evaluation.
Assessment
This appears to be a documentation/reference skill and is internally consistent. Before installing or executing any included script: (1) inspect scripts/script.sh yourself — it only prints docs here, but you should avoid blindly running shell scripts; (2) be aware the SKILL.md contains prompt-injection examples (expected for security guidance) — these are not active instructions to the agent beyond the documented descriptions; (3) if you allow autonomous invocation, standard caution applies (review outputs before allowing external actions). If you need higher assurance, run the script in an isolated environment or simply use the SKILL.md content without executing any bundled code.

Like a lobster shell, security has layers — review code before you run it.

latestvk976j66ec4pxfyw7530k3yzwbd83e4bxproductivityvk970h09x0t2tr9c3njswgbrbes82sr4w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments