Opus 4.6 Quality Certification

Key issues to consider before installing or trusting this skill: - Mismatched CLI: SKILL.md and docs show a '/opus-certification' CLI, but package.json and the files do not install such a binary (no 'bin' field). Confirm how the CLI is supposed to be installed and whether the skill will actually provide the described commands. - Unexplained 'clawhub' requirement: The metadata lists 'clawhub' as a required binary, but index.js never calls it. Ask the author why this is required; do not grant extra system access for it until clarified. - Simulated/random audit results: The audit and self-assessment functions use randomization to simulate pass/fail outcomes. This makes the tool unreliable for real certification decisions and could produce misleading outputs. Do not treat its outputs as authoritative without swapping out the simulation for deterministic checks. - Identity and source: The package lists 'ClawHub' as author and a ClawHub email/URLs are referenced, but the registry metadata shows an unknown owner ID and no homepage. Verify the publisher/maintainer identity (official ClawHub source) before trusting badges, contacting emails, or relying on the tool for formal certification. - Safe testing steps: Run the code in a sandbox or isolated environment first, inspect index.js (already done) and confirm no network exfiltration. If you want a proper CLI, ask the maintainer to add a 'bin' entry and provide an install script or publish on a trusted registry. What would change this assessment: a clear install spec that creates the advertised '/opus-certification' binary (or updated SKILL.md aligned with 'node index.js'), removal/justification of the 'clawhub' binary requirement, deterministic/real audit checks (not simulated randomness), and verifiable author/publisher metadata (official ClawHub account or homepage).