ClawHub

Collaborate

v1.0.0

Auto-learns when to seek different perspectives. Grows a library of useful mindsets and collaboration patterns.

3· 752·3 current·3 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and included documents (SKILL.md, mindsets.md, vs-delegate.md) are coherent: the skill is an instruction-only collaborator/mindset library and requests no credentials, binaries, or installs that would be unrelated to that purpose.
!
Instruction Scope
The runtime instructions explicitly tell the agent to 'Store — Record useful patterns below' and to 'auto-evolve'. They reference and expect the agent to consult the included markdown files. However, there are no rules about what gets recorded, how entries are sanitized, or whether user-sensitive content may be persisted. The guidance is intentionally open-ended, granting the agent broad discretion to collect and write data.
Install Mechanism
No install spec, no code files, and no external downloads — lowest-risk delivery model (instruction-only).
Credentials
Skill declares no environment variables, credentials, or config paths. Nothing requested appears disproportionate to the stated collaboration purpose.
Persistence & Privilege
always is false and the skill does not request elevated privileges. Still, the skill's stated behavior ('auto-evolves', 'Store') implies writing to its own markdown files (or another persistent store). That self-modification is plausible for this kind of skill but could result in long-lived records of interactions or context unless the developer specifies retention, sanitization, or access controls.
What to consider before installing
This skill appears to do what it claims (a library for collaboration mindsets), but it leaves key operational details unspecified. Before installing, ask the publisher/developer: (1) exactly where are 'entries' stored (which files, directories, or external services)? (2) will the skill ever record user messages or sensitive context into those files? (3) is there any sanitization, retention policy, or an opt-out mechanism? If you plan to use it with sensitive projects or PII, avoid enabling it until you confirm it does not persist private data. If you still want to try it, test in a non-sensitive environment and monitor any created/modified files to verify what gets written.

Like a lobster shell, security has layers — review code before you run it.

latestvk97df4tc9qdccd5hw2vepbfw05810yrv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments