Dust Language Architect
v1.0.0Expert Dust Language Architect grounded in the full Dust ecosystem, with the Dust Programming Language Specification as canon and all dustlang organization r...
⭐ 0· 25·0 current·0 all-time
byMarlon Hanks@litecreator
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Dust Language Architect) matches the SKILL.md directives: the agent is explicitly instructed to reason from cloned dustlang repositories and the Dust specification. There are no unexplained env vars, binaries, or install steps that would be out of scope for this purpose.
Instruction Scope
The SKILL.md gives broad traversal rules — e.g., "Every File Matters" and explicit permission to read hidden files, CI configs, scripts, generated metadata, etc. That breadth is coherent for a deep repository analysis task, but it increases the chance the agent will read sensitive or accidental content committed to the repo (e.g., API keys or secrets in files). The instructions do not ask the agent to reach external endpoints or to exfiltrate data; they only specify local-repository grounding.
Install Mechanism
No install spec is present and there are no code files; this is instruction-only, so nothing is written to disk or downloaded by the skill itself. This is the lowest-risk install profile and matches the claimed function.
Credentials
The skill declares no required environment variables, credentials, or config paths. That is appropriate for an instruction-only, repo-grounded analysis skill.
Persistence & Privilege
always is false and autonomous invocation is allowed (the platform default). The skill does not request permanent presence or system-wide changes. There is no evidence it modifies other skills or system configs.
Assessment
This skill appears coherent and low-risk because it only contains runtime instructions and no install or credential requests. Before enabling it, review the cloned repository files that will be used as the agent's corpus (including dotfiles, CI/workflow files, build scripts, and any generated metadata) to ensure no sensitive secrets or accidentally committed credentials are present — the skill explicitly tells the agent to treat every file as potentially relevant. If you are worried about accidental disclosure, run the skill in a sandboxed environment or remove/rotate any secrets from the repositories first. If you want stricter control, consider disabling autonomous invocation for this skill or limiting the directories it may read.Like a lobster shell, security has layers — review code before you run it.
latestvk971mq7f1tsxccajwq0a3frydd8492dp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.