ClawHub

OmniSync_Standard

v1.0.3

High-performance, standalone synchronization engine for LLM token savings.

0· 18·0 current·0 all-time
byErk_CarbonioClaw@erkrodcs
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (token-saving sync engine) matches the provided tools and code: a sync_standard tool that computes deltas and SHA-256 cursors. Minor provenance inconsistency: SKILL.md/README claim a verified author and audited repository, while registry metadata lists source as unknown; carbonioClaw.json points to a GitHub repo. This is a transparency mismatch but not a functional mismatch.
Instruction Scope
Runtime instructions (run mcp_gateway.py, send JSON-RPC over stdio) align with the code. The SKILL.md and code do not instruct reading unrelated files, environment variables, or transmitting data over the network. The gateway listens on stdin/stdout only.
Install Mechanism
No install spec and included code uses only Python standard library. There are no external downloads, package installs, or archive extraction steps in the skill bundle.
Credentials
The skill declares no required environment variables, and the code does not access external credentials, secrets, or config paths. The included config.json is present but not read by the runtime code, so it does not expand privileges.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or agent-wide configuration, and contains no autonomous persistence mechanisms. The JSON-RPC gateway runs in-process via stdio when invoked, which is expected for this kind of tool.
Assessment
This skill appears to be what it claims: a local, dependency-free text-diff/sync engine. Before installing: (1) verify the claimed repository/author (SKILL.md and carbonioClaw.json reference a GitHub repo while registry metadata lists source unknown); (2) if you rely on the provenance or audit claims, cross-check the external repo and commit history to ensure the bundled code matches the published source; (3) note that the gateway communicates over stdin/stdout — ensure your agent's usage of the tool is intentional and limited to the expected inputs (feed_id, old_content, new_content); and (4) because the skill can be invoked by the agent, permit it only if you trust its author or have reviewed the files yourself.

Like a lobster shell, security has layers — review code before you run it.

latestvk9700vsjte0q2bgz7zwa20vf0d84czg0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments