ClawHub

Skill Philosophy Validator

v1.0.2

Validates skill design against five core principles. Trigger after a SKILL.md file is created, written, edited, modified, or optimized. Also trigger when use...

0· 76·0 current·0 all-time
bynano@kangyishuai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim to validate SKILL.md files and the included SKILL.md + references content clearly implements that: the document provides validation criteria, scoring, report templates and trigger phrases. No unrelated binaries, credentials, or services are requested.
Instruction Scope
Instructions explicitly tell the agent to locate and read the target Skill's SKILL.md, frontmatter, and supporting directories (references/, scripts/, assets/) and to record directory structure — this is appropriate for a validator. Note: the validator inherently reads repository files, so it will access whatever the user points it at (including any sensitive files that happen to be in the target path); the SKILL.md does not instruct accessing system-level paths or external endpoints.
Install Mechanism
No install spec and no code files (instruction-only). This minimizes risk: nothing will be downloaded or written to disk by an installer step.
Credentials
The skill declares no required environment variables, credentials, or config paths. The actions described (reading files inside the target skill folder) are proportionate to its validation purpose.
Persistence & Privilege
always:false and no install/update behavior. The skill does not request permanent presence or modify other skills or system-wide agent settings. Model invocation is allowed (platform default) but that is expected for an analysis/validator skill.
Assessment
This skill appears to do what it says and has a low technical footprint (no installs or credentials). Before using it, point the validator only at directories you intend it to read (avoid running it against repos that contain secrets or unrelated private data), review the generated report before applying any automated edits, and consider running it in a controlled environment if you want to limit exposure of sensitive files. If you need higher assurance, request a code-based implementation (so you can audit execution paths) rather than an instruction-only validator.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c3fzrhhxf6z8580k3z3v07h83mdc4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis

Comments