ClawHub

Base64 Toolkit

v1.0.0

Base64 encoding and decoding toolkit. Encode/decode text, URL-safe Base64, and image to Base64 conversion.

0· 74·0 current·0 all-time
by@freeter226
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Base64 encode/decode, image-to-data-URI) matches the included Python script and required binary (python3). One minor inconsistency: SKILL.md examples reference path 'skills/base64-toolkit/scripts/base64_toolkit.py' while the repository contains 'scripts/base64_toolkit.py' (README uses the latter). This is likely a documentation/path mismatch rather than malicious behavior, but it may cause runtime failures if the agent attempts the documented path.
Instruction Scope
SKILL.md instructs the agent to run the bundled script and the script's behavior is limited to encoding/decoding and reading local files for file-based input or image-encoding. Reading local files is expected for the stated features. The tool also returns the file_path, base64 string and data URI for image-encode — useful but means any file you point at will have its contents represented in the tool output (be cautious about sensitive files).
Install Mechanism
No install spec; this is an instruction-only skill that relies on an existing python3 binary. No external downloads or third-party package installs are performed.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate for a local Base64 utility.
Persistence & Privilege
The skill does not request permanent presence (always=false) and does not modify other skills or system configuration. Agent autonomous invocation is allowed by default but not a special privilege here.
Assessment
This appears to be a simple, coherent Base64 utility. Before installing: 1) Fix or confirm the script path in SKILL.md (the examples point to 'skills/base64-toolkit/scripts/...' but the file is at 'scripts/base64_toolkit.py') so the agent can run it reliably. 2) Remember that image-encode and --file read local files and output their Base64 content (including file_path in the JSON); do not point the tool at secrets or sensitive files you don't want to be emitted to agent outputs. 3) You can review and run the script locally (python3 scripts/base64_toolkit.py ...) to confirm behavior. If you plan to encode secrets for use elsewhere, consider doing that locally rather than sending them through an external agent.

Like a lobster shell, security has layers — review code before you run it.

latestvk973nsznzf76tb47w50th0615983f8xp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔐 Clawdis
Binspython3

Comments