ClawHub

Mlfinlab

v2.0.2

Reference tool for devtools — covers intro, quickstart, patterns and more. Quick lookup for Mlfinlab concepts, best practices, and implementation patterns.

0· 116·0 current·0 all-time
bybytesagain4@xueyetianya
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Mlfinlab reference) align with the included assets: an instruction file and a small shell script that print reference documentation. No unrelated binaries, credentials, or config paths are requested.
Instruction Scope
SKILL.md explicitly says output is produced via heredocs with no external API calls; the provided scripts/script.sh only emits static heredoc content and handles CLI args. The instructions do not read arbitrary files, access environment variables, perform network calls, or transmit data elsewhere.
Install Mechanism
No install specification is provided (instruction-only skill with an included script). Nothing is downloaded or written to disk by an installer; risk from install mechanism is minimal.
Credentials
The skill requires no environment variables, credentials, or config paths. The SKILL.md and script both state no API keys are needed, which is consistent with the code.
Persistence & Privilege
Skill is not always-enabled, does not request persistent presence or elevated privileges, and does not modify other skills or system-wide settings. Autonomous invocation (normal default) is allowed but not concerning given the skill's limited scope.
Assessment
This skill appears coherent and low-risk: it only displays local reference text and does not use network, secrets, or elevated privileges. Two minor non-security notes: the SKILL.md version (2.0.2) differs from the script's VERSION (2.0.1), and some help heredocs are quoted so the $VERSION literal may not be expanded (a benign bug). If you deploy it, prefer running the script in a non-privileged environment and verify the repository origin if you require strict supply-chain assurance.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f2daq4s90r9gc4y3zses6th83g0m5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments