ClawHub

Toml Validator

v1.0.0

Validate, lint, diff, and inspect TOML configuration files. Use when asked to check TOML syntax, compare TOML configs, show TOML structure, validate pyprojec...

0· 47·0 current·0 all-time
by@charlie-morrison
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (TOML validation, lint, diff, inspect) align with the included script which parses TOML, lints, diffs, shows types and prints outputs. Minor mismatch: registry metadata lists no required binaries, but SKILL.md and the script require Python 3.11+ (or tomli for older Python). This is a documentation/metadata inconsistency, not evidence of malicious behavior.
Instruction Scope
SKILL.md instructs the agent to run the bundled Python script against user-supplied TOML files (validate, diff, show, types). The instructions limit activity to reading and printing/analyzing the specified files; they do not ask the agent to read unrelated system files, environment variables, or to send data externally.
Install Mechanism
No install spec is provided (instruction-only with included script). Nothing is downloaded or executed from remote locations. The bundled script will run locally when invoked.
Credentials
The skill requires no environment variables or credentials and the code does not access environment secrets or external services. It only reads user-specified TOML files from disk.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide changes. It does not attempt to modify other skills or global agent config. It can be invoked autonomously (platform default), which is expected for skills of this sort.
Assessment
This skill appears to do what it says: a local Python script that validates, lints, diffs, and prints TOML files. Before installing, note: (1) you need a Python runtime — SKILL.md expects Python 3.11+ or the tomli package for older Python, but the registry metadata doesn't list a required binary; ensure your environment meets that requirement. (2) The skill reads files you point it at — don’t run it against sensitive files you don’t want inspected. (3) There is no network activity or credential access in the code, and no install downloads, but the skill's source comes from an unknown homepage/owner; if you rely on it for production, consider reviewing the included script or sourcing it from a known publisher. (4) STATUS.md mentions a price — check licensing/purchase expectations outside the skill bundle if relevant.

Like a lobster shell, security has layers — review code before you run it.

latestvk97294h7cdsa6n23jyjnvvrb1d84r3j2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments