ClawHub

JSON Wizard

v1.0.0

JSON formatting, validation, and conversion tool. Format, compress, validate JSON, and convert between JSON and YAML.

0· 80·0 current·0 all-time
by@freeter226
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (JSON formatting, validation, conversion) align with the included script and requirements. Minor inconsistency: SKILL.md usage shows the script path as 'skills/json-formatter/scripts/json_formatter.py' while the repository contains 'scripts/json_formatter.py' (README also references 'scripts/json_formatter.py'). This is a packaging/path mismatch that can break execution but is not a security issue.
Instruction Scope
The SKILL.md instructions are narrowly scoped to formatting/validating/converting JSON and YAML. The runtime script will read an input string or an arbitrary local file when invoked with --file; it prints JSON-formatted results to stdout. There are no network calls, no references to unrelated env vars, and no attempts to access config or credentials. Note: reading arbitrary local files is expected for a converter but could expose sensitive files if used on secrets.
Install Mechanism
There is no install spec (instruction-only skill) and no downloads. A requirements.txt lists pyyaml; the script gracefully handles PyYAML not being installed. README suggests 'pip install pyyaml' for YAML support. This is proportionate and low-risk.
Credentials
The skill requests no environment variables, no credentials, and no config paths. This is appropriate for its stated functionality.
Persistence & Privilege
The skill does not request persistent/always presence (always:false) and does not modify other skills or system configuration. Default autonomous invocation is allowed but not in itself a red flag here.
Assessment
This skill appears to do exactly what it says: format, compress, validate JSON and convert to/from YAML. Before installing or running it: 1) ensure python3 is available; install PyYAML (pip install pyyaml) if you need YAML conversion; otherwise JSON-only features work without it. 2) Be aware the script can read arbitrary local files when run with --file, so do not point it at sensitive files unless you intend to process them. 3) Fix the path mismatch in SKILL.md (it references a different path than the actual file) so the agent can invoke the script reliably. Overall the skill is coherent and contains no obvious malicious behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk9770p9cdzadqjjp472jp59ya583cngy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📋 Clawdis
Binspython3

Comments