ClawHub

origin

v0.1.0

Tracks data provenance and lineage by tracing sources, logging transformations, and auditing anchors to ensure data auditability and compliance.

0· 531·0 current·0 all-time
by@kleberbaum
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description promise a data-provenance system, but the included artifacts are lightweight placeholder scripts that only print trace/audit messages and timestamps — they do not actually connect to backends, read pipeline metadata, or record lineage. This is likely a minimal/placeholder implementation rather than a fully functional provenance tool.
Instruction Scope
SKILL.md instructs the agent (or user) only to run the included scripts (trace-lineage.sh, origin-info.sh). The instructions do not ask the agent to read unrelated files, access environment variables, or transmit data externally.
Install Mechanism
There is no install spec (instruction-only with small script files). No downloads or external package installs are performed, so nothing arbitrary is written to disk beyond the included scripts.
Credentials
The skill requests no environment variables, credentials, or config paths. The claw.json lists an "exec" permission to run the scripts, which is appropriate for a script-based skill.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide configuration. It does not request persistent presence or elevated privileges.
Assessment
This skill appears safe to inspect and run in a local or sandboxed environment: it contains two small bash scripts that only print status messages and timestamps and does not require any credentials. However, it is effectively a placeholder — it does not implement real lineage collection or backend integration. Before relying on it in production, review or extend the scripts to integrate with your provenance backends, and re-check future versions for added network calls or credential requirements. If you plan to run these scripts in a sensitive environment, run them in a sandbox first and confirm they behave as expected.

Like a lobster shell, security has layers — review code before you run it.

latestvk979ddg79wef714xmwzyrdqrhs81dbn6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments