ClawHub

Steal List

v1.0.0

Pre-development reference research. Produces a Steal List: concrete patterns extracted from real products and real codebases that solved similar problems. Tw...

0· 49·0 current·0 all-time
by@hybirdss
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill is a research helper that finds products and repos and produces a .scout/ Steal List. Requesting the gh (GitHub CLI) binary and the allowed tools (WebSearch, WebFetch, Read/Write, Glob, Grep, Bash) fits this purpose: gh can be used to discover and inspect GitHub repos and the other tools let the agent read the project and save results.
Instruction Scope
SKILL.md explicitly instructs reading README.md, package.json, listing source dirs, and writing a .scout/ output. It also uses WebSearch/WebFetch and can take screenshots/analyze sites. The instructions do not ask for arbitrary system files or environment variables, but they do permit reading any files in the project (Read/Grep/Glob) and fetching external content — which is expected for research but worth noting.
Install Mechanism
Instruction-only skill with no install spec; nothing is written to disk by an installer. This is the lowest-risk install model.
Credentials
No environment variables or config paths are requested. The only external requirement is the gh binary. That is reasonable for GitHub repo discovery, but be aware: if the user has gh authenticated (gh stores credentials/config locally), running gh commands could access private repos or use the user's GitHub credentials. The skill does not declare or require any secrets itself.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent presence or changes to other skills or system-wide settings. It will write results into .scout/ in the project root (documented).
Assessment
This skill is internally consistent with its stated goal of finding UI and code references. Before installing or running it: (1) understand it will read files in your project (README, package.json, source directories) and write outputs to .scout/; (2) the gh binary may cause the skill to access your GitHub account (including private repos) if gh is authenticated on the machine — run it in an environment where gh is not logged into sensitive accounts if you want to avoid that; (3) it performs web searches and fetches external pages, so review .scout/ outputs before sharing; and (4) because it can spawn sub-agents and run shell commands, consider running it in a controlled workspace or sandbox the first time. If you want it to be more limited, remove or unauthenticate gh, or run with a minimal repository copy.

Like a lobster shell, security has layers — review code before you run it.

latestvk9744y3q9rvz2pr9vbtcszzqjd84fb9bpre-developmentvk9744y3q9rvz2pr9vbtcszzqjd84fb9bprior-artvk9744y3q9rvz2pr9vbtcszzqjd84fb9breferencesvk9744y3q9rvz2pr9vbtcszzqjd84fb9bresearchvk9744y3q9rvz2pr9vbtcszzqjd84fb9bsteal-listvk9744y3q9rvz2pr9vbtcszzqjd84fb9b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsgh

Comments