ClawHub

Skill Analyst

v1.1.0

Analyze and evaluate OpenClaw skills before installing or publishing. Compare against existing or ClawHub skills, check feature overlap, perform security rev...

1· 88·0 current·0 all-time
by@lixiabupt
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the runtime instructions: the SKILL.md explicitly guides using the clawhub CLI and local SKILL.md files to compare, vet, and produce reports. Requiring clawhub is appropriate for ClawHub-related analysis.
Instruction Scope
Instructions read local SKILL.md files (e.g., ~/.openclaw/skills/) and call clawhub commands — this is expected for a skill-comparison tool. The SKILL.md also enforces output formatting (tables, JSON response) which constrains agent behavior but is not harmful. No instructions instruct reading unrelated system files, exporting credentials, or sending data to unexpected endpoints.
Install Mechanism
No install spec and no code files — instruction-only skill, so nothing is written to disk by the skill itself. Lowest-risk install profile.
Credentials
The skill declares no required environment variables, credentials, or config paths. The only external dependency is the clawhub CLI (and optional skill-vetter) which is coherent with the purpose.
Persistence & Privilege
always is false and there is no behavior that writes to other skills' configs or requests persistent privileges. Autonomous invocation is allowed by default but is not combined with other red flags.
Assessment
This skill is instruction-only and appears internally consistent: it needs the clawhub CLI to search/inspect ClawHub and will read local SKILL.md files (e.g., ~/.openclaw/skills/) to compare installed skills — that is expected. Before using it, ensure you trust the clawhub binary you have installed (it performs network calls and inspects skill metadata). Be aware that reports include data pulled from local SKILL.md files; avoid running it in contexts with unrevealed sensitive information. If you want extra caution, run the workflow steps manually (clawhub search/inspect, reading local SKILL.md) or sandbox the clawhub CLI before granting it network or system access.

Like a lobster shell, security has layers — review code before you run it.

latestvk97639eqykvz8rzmczqr5vvs1x847qeh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments