ClawHub

Hashtag

v2.0.4

Reference tool for devtools — covers intro, quickstart, patterns and more. Quick lookup for Hashtag concepts, best practices, and implementation patterns.

0· 335·0 current·0 all-time
bybytesagain4@xueyetianya
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (reference for Hashtag devtools) align with the included assets: SKILL.md provides command docs and the script prints static documentation. Minor inconsistency: repository/metadata version is 2.0.4 while scripts/script.sh sets VERSION="2.0.3" — likely a small packaging/version mismatch but not indicative of malicious behavior.
Instruction Scope
SKILL.md instructs the agent to output plain-text heredocs and explicitly states no external API calls or credentials. The bundled scripts/script.sh implements only local, static documentation commands (heredocs, help, simple argument handling) and does not read environment variables, system config paths, or make network/system calls.
Install Mechanism
There is no install specification (instruction-only). A code file is included but it is a simple bash script with no downloads, no extraction, and no external install steps. No high-risk install mechanism is present.
Credentials
The skill declares no required environment variables, credentials, or config paths, and the script does not use or leak any environment values. The requested privileges are proportional to a read-only reference tool.
Persistence & Privilege
always is false and the skill does not request persistent or system-wide changes. It does not modify other skills or global agent settings. Note: the platform default allows autonomous invocation, which is normal and not by itself a concern given the skill's minimal scope.
Assessment
This skill appears coherent and low-risk: it only prints bundled reference text and does not require credentials, network access, or installations. Before installing, verify you trust the source (bytesagain.com / the GitHub repo), consider the minor version mismatch between SKILL metadata (2.0.4) and the script (2.0.3), and confirm your agent will run the script without elevated privileges. If you need absolute isolation, run the script in a sandboxed environment or inspect the repository for later changes before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk973ck7mwp7c47zdq8xgyvpb7583h7fm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments