ClawHub

Skill Feed

v0.2.1

Scenario-driven skill recommendation engine for ClawHub. Detects failed or stuck workflows, builds targeted search queries, and returns ranked skill recommen...

0· 506·5 current·5 all-time
byJack Lee@jackleeio
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (recommend skills to recover failed workflows) matches the instructions: classify failures, build sanitized queries, search ClawHub, rank candidates, and return recovery steps. No unrelated env vars, binaries, or install steps are requested.
Instruction Scope
Instructions stay within the stated purpose (capture failure context, sanitize, construct queries, call ClawHub search, rank results). However, sanitization is delegated to the agent and the SKILL.md does not define precise sanitization implementation or explicit limits on which runtime sources to read — e.g., it says "latest action log summary" but doesn't restrict reading broader logs or environment variables. The effectiveness of data protection depends on the agent enforcing the sanitization rules.
Install Mechanism
Instruction-only skill with no install spec or downloaded code — lowest risk. The skill expects to perform live web searches (https://clawhub.ai/skills?focus=search) at runtime, which is appropriate for its function.
Credentials
The skill requests no environment variables, credentials, or config paths. It uses generic network access to query ClawHub, which is proportionate to its purpose.
Persistence & Privilege
No elevated persistence requested (always: false). The skill does not request or document modifying other skills or system-wide settings.
Assessment
This skill appears internally consistent, but before installing: 1) confirm your agent runtime enforces the SKILL.md sanitization rules (prevent raw logs, env values, API keys, PII from being sent); 2) verify the agent only sends sanitized, generic queries to https://clawhub.ai and does not leak internal URLs or tokens; 3) test the skill using synthetic failures (no real secrets) to validate outputs; 4) ensure the skill will not auto-execute external high-risk remediation steps without explicit user confirmation. If you need stronger guarantees, ask the skill author to provide a deterministic sanitization routine and clearer limits on which logs/contexts the skill may read.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bxkpd1m4tbt5m8w5ec60e2182jzj5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments