ClawHub

string-utils

v1.0.0

Provides string manipulation and transformation operations for working with text. Use when you need to transform, format, or manipulate strings.

0· 83·0 current·0 all-time
by@jpengcheng523-netizen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and included code implement string transformations (case conversion, trimming, slugify, escape/unescape, similarity, etc.), which is proportionate to the stated purpose.
Instruction Scope
The SKILL.md usage examples and the code implement the same string APIs. The SKILL.md example uses require('./skills/string-utils') while package.json/main point to index.js — a path mismatch but not a security issue. The runtime instructions do not request files, env vars, network calls, or other system access beyond typical local module usage.
Install Mechanism
No install spec or external downloads are present; the skill is instruction/code-only and does not pull artifacts from external URLs or registries.
Credentials
The skill declares no required environment variables, credentials, or config paths and the code does not reference process.env or other secrets-related APIs.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes, nor does it modify other skills' configuration. Autonomous invocation is allowed (platform default) but not combined with other concerning factors.
Assessment
This skill appears to be a harmless string-manipulation library and requests no credentials or network access. Before installing or using it in production: 1) review and run the full index.js file locally — the provided excerpt ends with a truncated export (module.exports appears incomplete in the excerpt), which may cause runtime errors; 2) check that SKILL.md's require path matches how your agent will load the module (SKILL.md uses './skills/string-utils' while package.json/main points to index.js); 3) run the included test script (npm test or node -e "require('./index.js').main()") in a sandbox to confirm behavior; and 4) prefer a vetted package source (registry or repo with history) if you need production-grade reliability. These are quality and correctness issues rather than security red flags.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c1gfbktt7ny3wbyeemarkfd83qf8j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments