ClawHub

openclaw-engineering-harness

v1.0.0

Manages the full engineering workflow by clarifying requests, discovering code, making minimal changes, validating, and preparing publish-ready artifacts.

0· 28·0 current·0 all-time
by@h4444433333
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (engineering workflow: discover, implement, verify, deliver) align with included scripts, policy files, and allowed tools. Tools and git operations (read/edit/write, Bash git commands, python3) are appropriate for implementing and validating small code changes and producing exports.
Instruction Scope
Runtime instructions explicitly tell the agent to read and update a local memory index (.claude/MEMORY.md), discover and edit code, run constraint/audit scripts, and perform git operations. This is appropriate for an engineering harness but does give the skill authority to read and modify hidden project files and commit changes to the repository — a potentially sensitive action that is coherent with the stated purpose.
Install Mechanism
No install spec or external downloads are present; all runtime artifacts are included in the package as Python scripts and JSON/markdown policies. This is low-risk and proportionate.
Credentials
The skill requests no environment variables, credentials, or external endpoints. Its file- and git-based operations are consistent with local engineering tasks and do not require unrelated secrets.
Persistence & Privilege
The skill is not always-on and does not request elevated system privileges, but it does instruct writing into the project's memory index (.claude/*) and can run git commit/reset commands. Those are necessary for its purpose but mean it can persist changes in the repository and local memory; review and consent are recommended before allowing writes/commits.
Assessment
This skill appears to do what it says: inspect a codebase, make minimal changes, run constraint/audit checks, and prepare exports. Important points before you install or run it: - It will read and may update .claude/MEMORY.md and other .claude memory-topic files — review that directory for sensitive content first. - The skill is permitted to run git commands (checkout, reset, add, commit). Ensure your working tree is backed up or committed and that you trust automated commits before allowing the skill to write/commit. - The scripts perform local audits to block host paths and network literals on export; they do not contain outbound network calls or require credentials. - If you want tighter control, run the skill in a sandbox or restrict it to read-only mode initially (deny Write/Edit/Bash commit tools) until you are satisfied with its behavior. - Review scripts/runtime_support.py and the run_*.py scripts (they're included) if you want to confirm specific behaviors; the package is self-contained and uses only standard library modules.

Like a lobster shell, security has layers — review code before you run it.

latestvk9753gpy1z0tgafhkzgyaaa6nn84907v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments