ClawHub

Subscription Box Curator

v1.0.0

Curate recurring subscription box concepts, item mixes, pricing tiers, add-on ideas, and replenishment warnings for DTC brands, merchandising teams, and subs...

0· 45·0 current·0 all-time
byhaidong@harrylabsj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description promise (curation briefs, theme directions, pricing guidance) matches the included SKILL.md and the handler.py logic: category detection, budget extraction, and template-based outputs. No credentials, external APIs, or unrelated binaries are requested.
Instruction Scope
SKILL.md explicitly states the skill is MVP, template-based, and does not connect to Shopify/inventory/supplier APIs. The instructions ask only for subscription category, audience, budget, seasonality, and goals. The provided code parses the input text and builds recommendations; there are no instructions to read unrelated files, access system config, or transmit data externally.
Install Mechanism
No install spec is provided (instruction-only). Although code files are included in the package, there is no installer that downloads executables or writes archives from external URLs — lowest-risk install profile.
Credentials
requires.env is empty and handler.py uses only standard library modules (re, sys, typing). There are no required secrets or environment variables and no access to unrelated credentials or config paths.
Persistence & Privilege
The skill does not request always:true and does not attempt to change other skills' configuration. Autonomous model invocation is allowed by default (normal) but the skill itself does not request elevated persistence or system-wide changes.
Assessment
This package appears coherent and low-risk: it generates advisory markdown briefs from user-provided prompts using built-in heuristics and requests no credentials or external network access. Before installing, you may want to (1) inspect the full handler.py in your environment to confirm there are no hidden network calls or subprocess executions (the snippet shown was truncated in the prompt but the tests/reference code are local), (2) avoid pasting highly sensitive credentials or proprietary inventory data into prompts, and (3) run the included tests locally to validate behavior. If you need live catalog, inventory, or forecasting integration later, expect to add explicit, audited connectors rather than relying on this skill to access those systems.

Like a lobster shell, security has layers — review code before you run it.

latestvk9725jsas4a6rp0jqc60pq6w1584rrez

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments