ClawHub

1.2.0

v1.2.0

Release-day coordination helpers for cutover, verification, and rollback readiness.

0· 226·1 current·1 all-time
byYikun Fu@jiarani
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The SKILL.md, templates, and tiny helper scripts match the stated purpose (release coordination). Oddities: top-level metadata name is '1.2.0' instead of a descriptive name, and the healthcheck script prints a different skill name ('pipiwu-benchmark-gamma-skill'), suggesting a copy/paste or packaging mistake. The SKILL.md references CLI commands (release, workflow) that are not provided by the package — this is acceptable for an instruction-only skill if those commands are provided by the environment, but you should confirm where those commands come from.
Instruction Scope
Runtime instructions are limited to gathering release inputs, running high-level commands, and using included templates. They do not direct the agent to read unrelated files, access secrets, or send data to external endpoints.
Install Mechanism
No install spec; the skill is instruction-only. Provided shell scripts are trivial and only echo static text. No downloads or archive extraction occur.
Credentials
The skill declares no required environment variables, credentials, or config paths — consistent with its simple templates-and-instructions purpose.
Persistence & Privilege
Skill is not always-enabled and uses default invocation settings. It does not request system-wide persistence or modify other skills' configurations.
Assessment
This skill appears to do what it claims: provide checklists, report templates, and brief helper scripts. Before installing, verify two small anomalies: (1) registry metadata lists the package name as '1.2.0' (not a human-readable name) and (2) scripts/healthcheck.sh echoes 'pipiwu-benchmark-gamma-skill' — likely a copy/paste/packaging error. Confirm where the referenced CLI commands (release, workflow) are expected to come from in your agent environment; the skill does not implement them. Because it requests no credentials or installs, risk is low, but if you rely on this for production rollouts test it in a safe environment first and confirm the publisher/owner identity. If you see any added install steps, network calls, or credential prompts later, treat that as suspicious and re-evaluate.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dysjyj92eq9hyn9pec9gs5x82e4cb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments