Clipbox
v2.0.0Save and organize reusable text snippets for quick retrieval. Use when storing code fragments, saving command templates, or building snippet libraries.
⭐ 0· 95·0 current·0 all-time
bybytesagain4@xueyetianya
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (save and organize text snippets) align with the provided Bash script and SKILL.md. The script writes timestamped entries to per-command .log files in ~/.local/share/clipbox and provides search, stats, export, and status commands — all consistent with the stated purpose.
Instruction Scope
SKILL.md describes using the included CLI-style script and only references local operations (writing and reading logs, searching, exporting). The runtime instructions do not attempt to read unrelated system files, environment secrets, or transmit data externally.
Install Mechanism
There is no install spec in the registry entry (instruction-only), but a runnable scripts/script.sh is included. That is reasonable (user likely must install or symlink the script themselves), but the package does contain executable code even though no automated install is declared. No network downloads or third-party package installs are present.
Credentials
The skill requests no environment variables, no credentials, and only relies on HOME for the data directory (standard for local CLI tools). Requested utilities (wc, du, tail, grep, date, sed) match the script's usage.
Persistence & Privilege
always is false and the skill does not alter other skills or system configuration. It creates and uses its own per-user data directory (~/.local/share/clipbox) only.
Assessment
This skill appears coherent and works only on local files under ~/.local/share/clipbox. It does not request credentials or make network calls. Before installing or adding the script to your PATH: (1) avoid storing secrets or credentials in clip entries because exports are plain text and not sanitized; (2) be aware exports may produce invalid JSON if entries contain raw quotes/newlines (the script does not escape values); (3) if you plan to share exported files, inspect them first. If you want automatic installation behavior, ask the author for an install spec or audit how you install the script (don’t run unknown installers as root).Like a lobster shell, security has layers — review code before you run it.
latestvk977my9r2dxqk82vcvgt2kmqdx835mt8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.