ClawHub

Prompt Engineering Expert

v1.0.0

Advanced expert in prompt engineering, custom instructions design, and prompt optimization for AI agents

1· 61·0 current·0 all-time
by@joeycacciatore3
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, and all included files consistently describe prompt engineering guidance, templates, and documentation; nothing in the package requests unrelated capabilities (cloud creds, system access, or binaries).
Instruction Scope
SKILL.md and the other markdown files provide guidance, examples, and sample API snippets only; they do not instruct the agent to read system files, exfiltrate data, or call arbitrary external endpoints. Sample code references the Anthropic/Agent SDK (expected for this domain) but the skill does not embed secrets or require access to them.
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing will be downloaded or executed on install by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. It mentions integrations (Files API, Agent SDK) which would require user-supplied API keys when used, but the skill itself does not request them.
Persistence & Privilege
always:false and no files or scripts that request permanent agent-wide changes. Autonomous invocation is allowed by default (platform behavior) but the skill does not request elevated persistence.
Scan Findings in Context
[no_regex_matches] expected: The provided static scanner found no regex-based hits; this is expected for an instruction-only skill composed of markdown files.
[metadata_owner_mismatch] unexpected: Registry metadata lists ownerId 'kn79sf80bp2nycqa3ry3yaz4rx83z7zc' while _meta.json contains ownerId 'kn722nva0z7svbapne80p8e8jd7zwmk7' and homepage/source are absent — not harmful to functionality but reduces provenance/trust and is worth verifying with the publisher.
Assessment
This skill appears coherent and safe in that it only contains documentation and guidance for prompt engineering (no code, no credential requests, no installers). Before installing: verify the source/owner (homepage is missing and internal metadata IDs differ), review the files yourself, and avoid uploading any folders that contain secret files. If you use the sample Agent SDK snippets, supply API keys only to trusted SDK instances and rotate credentials per your security policy. If provenance matters for your environment, prefer skills from known publishers or request a signed/reproducible release.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fgcsxamhqc48pzzwn1cg05183y5p4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments