ClawHub

Markpad

v2.0.3

Reference tool for devtools — covers intro, quickstart, patterns and more. Quick lookup for Markpad concepts, best practices, and implementation patterns.

0· 109·0 current·0 all-time
bybytesagain4@xueyetianya
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (reference documentation for Markpad) align with the provided assets: SKILL.md describes local text outputs and the included shell script implements the same set of commands. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md instructs the agent to output plain-text reference documentation and explicitly states no external API calls or credentials; the included scripts only emit heredoc content and do not read files, environment variables, or make network calls. No scope creep detected.
Install Mechanism
No install spec (instruction-only) which is low risk. There is a bundled scripts/script.sh file but no installer — the presence of a script is expected for a CLI-style reference tool. Nothing is downloaded or executed from remote URLs.
Credentials
The skill requests no environment variables, credentials, or config paths. The script also does not reference or read any env vars or secrets.
Persistence & Privilege
always is false and the skill does not request elevated or persistent privileges or modify other skills or system-wide settings. Autonomous invocation is allowed by default but not combined with other red flags.
Assessment
This skill appears coherent and low-risk: it only prints built-in reference text and does not require credentials or network access. Before installing/invoking, you may (1) review the bundled scripts/script.sh (already included) and confirm you’re comfortable running a simple shell script, (2) note the minor metadata mismatch (SKILL.md/version 2.0.3 vs script VERSION=2.0.2) which is likely a packaging/versioning oversight but worth checking if you require exact version provenance, and (3) prefer to run it in a restricted/sandboxed environment if you want extra assurance (standard good practice for any third-party script).

Like a lobster shell, security has layers — review code before you run it.

latestvk97enzwxqtb6v4a08ares1tb0983gem5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments