Golden Master
v1.0.4
Track source-of-truth relationships between files — know when derived content becomes stale.
⭐ 4 · 1.3k · 2 current · 2 all-time
by Lee Brown @leegitw
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and SKILL.md all describe scanning files, suggesting relationships, and producing metadata comments; the skill asks for no binaries, env vars, installs, or external services, which is proportionate to its purpose.
Instruction Scope
Instructions explicitly limit actions to analysis and generating metadata comments, and say files will not be auto-modified without explicit request. Reading repository files/directories is core to the skill, which is expected. Note: scanning repositories can expose sensitive files to whatever model/process is conducting the analysis (see data-handling note about cloud-hosted LLMs).
Install Mechanism
No install spec and no code files — instruction-only skill with no on-disk install, which minimizes risk and is appropriate for this functionality.
Credentials
No required environment variables, credentials, or config paths are declared. This aligns with the described offline, repo-scanning behavior. The SKILL.md does mention that agent-hosted/cloud LLMs will see the data if used, which is an operational consideration but not an incoherence.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or to modify other skills or system configs. Autonomous invocation is allowed (platform default) but nothing here elevates privilege beyond expected behavior.
Assessment
This skill appears coherent and low-risk as an instruction-only tool for discovering relationships and producing metadata comments. Before using it, confirm these operational points: (1) Limit the scan scope to the repository or directories you intend — avoid running it over home directories or repos with secrets. (2) Verify that the agent will not auto-modify or auto-commit files unless you explicitly authorize that action; review generated metadata before committing. (3) If your agent uses a cloud LLM, understand that scanned file contents are sent to that service per your agent's configuration—avoid sending sensitive material. (4) Test on a small sample repo first to ensure the checksum algorithm and comment formats meet your requirements and that the workflow (establish → commit → validate → refresh) fits your team process.
Like a lobster shell, security has layers — review code before you run it.
docs, documentation, file-tracking, freshness, latest, openclaw, source-of-truth, staleness, technical-writing, validation
