ClawHub

Cli Anything Zc

v0.1.2

Generate or refine agent-usable CLIs for existing software/codebases using the CLI-Anything methodology. Use when the user wants to turn a GUI app, desktop t...

0· 120·0 current·1 all-time
by@lean-zhouchao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual footprint: the skill is an instruction/method skill that expects a local /root/.openclaw/workspace/CLI-Anything repo and provides guidance and small helper scripts to enumerate and recommend harnesses. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
SKILL.md directs the agent to read files under the workspace, run two included Python inspection/recommendation scripts, and (when using a harness) to install Python dependencies and pip-install harness packages (example uses --break-system-packages). Reading workspace files and running these scripts is appropriate for the stated goal, but installing local packages executes arbitrary setup.py code — a legitimate capability for packaging/validation but a concrete risk when the harness sources are untrusted.
Install Mechanism
There is no install spec; this is instruction-first with two small helper scripts included. Nothing is downloaded from external URLs or auto-executed by an installer. The only installation activity described is optional: pip installing local harnesses (which is expected for verifying harnesses).
Credentials
The skill declares no required environment variables, no credentials, and no config paths beyond the workspace path. The requested accesses align with its purpose of inspecting and packaging local harnesses.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. The only potentially persistent action the instructions mention is installing a harness into the Python environment (which would modify the runtime), but that is consistent with verifying or using a local harness and is explicitly warned about in the docs.
Assessment
This skill is coherent with its stated purpose, but be cautious before using it to install or run unreviewed harnesses from the local repo. Installing a local Python harness (pip install -e or running setup.py) can execute arbitrary code on the host. Before you install or run a harness: 1) review the harness's setup.py, README, and tests; 2) run installs and validation in an isolated environment (container, VM, or dedicated virtualenv) rather than the host system; 3) prefer the 'method skill' workflow (inspection, review, then manual install) unless you explicitly trust the harness; 4) do not publish or push third-party code without explicit intent and review. If you want a stricter evaluation, provide the contents of a specific harness directory (setup.py, README, tests) and I can analyze those files for risky patterns.

Like a lobster shell, security has layers — review code before you run it.

latestvk970s8rdex2pwvvw08vfyc8wfs83ag7g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments