ClawHub

Conduit

v2.0.2

Reference tool for devtools — covers intro, quickstart, patterns and more. Quick lookup for Conduit concepts, best practices, and implementation patterns.

0· 97·0 current·0 all-time
byBytesAgain2@ckchzh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included artifacts: the SKILL.md and scripts/script.sh are documentation-focused and produce plain-text reference output. There are no environment variables, binaries, or config paths requested that would be unexpected for a reference tool.
Instruction Scope
Runtime instructions and the shell script are limited to emitting heredoc text for each command. The SKILL.md explicitly states 'No external API calls, no credentials needed, no network access' and the script contains no network calls, file reads/writes, or credential usage. Minor inconsistencies in metadata/versions exist (SKILL.md says 2.0.1, script VERSION=2.0.0, registry 2.0.2) but these are benign bookkeeping issues.
Install Mechanism
No install spec is provided (instruction-only style) and the included script is static text output. Nothing is downloaded or extracted, so there is no install-time code execution risk beyond the script itself, which is safe and local.
Credentials
The skill declares no required environment variables, credentials, or config paths, and the script does not read environment variables or sensitive files. There is no disproportionate secret or credential request.
Persistence & Privilege
always:false and normal user-invocation settings are used. The skill does not request persistent system presence or modify other skills or system-wide configuration.
Assessment
This skill appears to be a safe, local reference tool: it simply prints embedded documentation and does not access the network or credentials. Before installing, you can (1) review the small shell script to confirm it matches your expectations (it only outputs heredocs), (2) note minor metadata/version mismatches (cosmetic), and (3) permit autonomous invocation only if you’re comfortable allowing the agent to run documentation-lookups — there is no sensitive access exposed by this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk976amvht1emw2yzpber5zjf9183h93h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments