ClawHub

Agent Toolkit

v2.0.2

Configure and benchmark agent tools and integration patterns. Use when setting up agent workflows, comparing tools, or evaluating agents.

0· 439·1 current·1 all-time
bybytesagain4@xueyetianya
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the delivered behavior: an instruction-only skill plus a bash CLI that logs, searches, exports, and reports on agent-related entries. Nothing in the files requires unrelated cloud credentials or unusual system access.
Instruction Scope
SKILL.md and the script stay within the declared scope (logging, searching, exporting). However examples explicitly show writing things like 'OpenAI API key rotated' to the logs; the tool will persist any user-provided input verbatim, which means secrets or credentials can be accidentally recorded and later exported or searched.
Install Mechanism
No install spec or external downloads; the skill is instruction-only with a bundled bash script. No network fetch or archive extraction occurs during installation.
Credentials
The skill requests no environment variables or credentials. It does implicitly rely on $HOME to set DATA_DIR and standard Unix utilities. Because it stores arbitrary text, the lack of required creds is appropriate, but the examples encourage recording API keys in plaintext — a security/privacy risk but not inconsistent with purpose.
Persistence & Privilege
The script creates and persists files under ~/.local/share/agent-toolkit and appends to history.log and per-command logs (expected). It does not request elevated privileges or modify other skills, but this persistent storage means sensitive data may linger until you remove it.
Assessment
This tool is coherent and appears safe to install, but be careful: it saves whatever you type to plain-text files (~/.local/share/agent-toolkit/*.log and export.*). Avoid pasting API keys, passwords, or other secrets into entries. If you need to record sensitive info, use placeholders or store it encrypted elsewhere. Consider: (1) set DATA_DIR to a secure location or change permissions (chmod 700) on the data directory, (2) do not use agent-toolkit to store raw credentials, (3) periodically review and securely delete or rotate any secrets that may have been logged, and (4) be aware exported files (export.json/csv/txt) may include sensitive entries and are written to disk.

Like a lobster shell, security has layers — review code before you run it.

chinesevk97a7q4dmdrbt4kprqannvpk2s82q4k2latestvk97ej55g4pqnrhve7tpzb5wcgs8351fvproductivityvk97a7q4dmdrbt4kprqannvpk2s82q4k2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments