ClawHub

Boggle Solver

v1.0.0

Solve Boggle boards — find all valid words (German + English) on a 4x4 letter grid. Use when the user shares a Boggle photo, asks for words on a grid, or plays word games. Includes 1.7M word dictionaries (DE+EN).

1· 1.9k·2 current·2 all-time
by@christianhaberl
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the code and files: a trie-based Boggle solver for English and German. The included scripts implement the solver and the described features (Qu tile support, bilingual runs, scoring). Required capabilities (none) are proportionate to the stated purpose.
Instruction Scope
SKILL.md tells the agent to 'read the 4x4 grid from the photo' and to confirm with the user before running; the provided code implements only the solver CLI and dictionary download, not OCR or image parsing. This is a scope mismatch (the agent must handle OCR / photo parsing externally) but not a security issue. The runtime instructions do not ask the agent to read unrelated files, environment variables, or contact unexpected endpoints other than GitHub raw content.
Install Mechanism
No install spec is present (instruction-only), which minimizes install risk. The runtime code auto-downloads two dictionary files from a GitHub raw URL (raw.githubusercontent.com/christianhaberl/...). Downloading code/data from a public GitHub repo is expected here but still involves network fetch of large files; the URLs are not shortened or obfuscated and point to a user repo rather than an official organization — reasonable for this use but worth noting.
Credentials
The skill requests no environment variables, credentials, or config paths. The code only reads/writes files under its own data directory and performs network fetches for dictionary files. No secret exfiltration vectors are present.
Persistence & Privilege
The skill is not forced-always, does not request persistent elevated privileges, and does not modify other skills or global config. It runs locally and only downloads dictionaries into its data directory on first run.
Assessment
This skill is coherent and appears to do what it says: a local Boggle solver that auto-downloads large English/German wordlists from a public GitHub repository on first run. Before installing, be aware that: - The skill will fetch ~1.7M word entries (large files) from raw.githubusercontent.com (a public GitHub repo). If you have network or disk constraints or a policy against runtime downloads, get the data files manually and place them under skills/boggle/data/. - The repo used is a user project (christianhaberl); if you require higher assurance, inspect the dictionary files and the repo history yourself prior to running. - The skill does not include OCR/image parsing — your agent or environment must extract the 4x4 letters from photos and pass them to the solver. - No credentials are requested and there are no hidden endpoints or attempts to read unrelated system files. If these points are acceptable, the skill is reasonable to install; if you need stricter supply-chain guarantees, download and vet the dictionary files yourself and/or host them on an approved source.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b7vcrz45zkyksn3vahqh8zs808bp4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments