ClawHub

Docs Refresh

v1.0.0

Refresh authoritative docs through a routed progressive-disclosure workflow.

1· 72·0 current·0 all-time
by@jzg-lab
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name, description, SKILL.md, and included scripts all align: its purpose is to inspect a git repository's changed files and route to a docs-update mode. Minor mismatch: the bundled collector script requires git and a POSIX shell (bash), but the registry metadata declares no required binaries. This is a small documentation inconsistency, not functional misalignment.
Instruction Scope
SKILL.md limits actions to reading repository state (git status/diff/ls-files), using the bundled collector if runnable, selecting a single docs mode, and explaining results. It explicitly forbids staging/committing. The instructions do ask the agent to read repo files and diffs (expected for this purpose) but do not direct data to external endpoints or require unrelated system access.
Install Mechanism
No install spec is present (instruction-only with bundled scripts). The code is included in the skill bundle; nothing is downloaded or executed from external URLs during install. Risk from install-time behavior is low.
Credentials
No environment variables, credentials, or config paths are requested. The scripts do not read secrets and only use git and filesystem traversal to classify changed files — proportional to the stated task.
Persistence & Privilege
The skill is not always-enabled and does not request persistent elevated privileges or modify other skills or global agent settings. It explicitly instructs not to stage/commit changes.
Assessment
This skill appears to do exactly what it says: it analyzes a git repo's changed files and routes to a docs-update mode. Before allowing it to run, verify you are comfortable with the agent executing the bundled shell script and git commands against your repository (the collector uses bash and git). Review scripts/collect_changed_context.sh yourself (it only runs git status/diff/ls-files and inspects filenames/content patterns) and confirm there are no network calls or secret reads you didn't expect (none are present). If you do not want the agent to execute shell commands, run the collector locally in a sandbox or follow the SKILL.md's manual fallback steps instead. Finally, note the registry metadata omitted declaring 'git' (and a shell) as required binaries — this is a minor documentation gap but not a functional contradiction.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b26ed6t1fpn5zxw2twvrn4s8448yz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments