ClawHub

Skill

v0.11.8

Verification gating for AI-generated artifacts. Policy checks to catch dangerous patterns before execution.

3· 1.4k·0 current·0 all-time
by@meshailabs
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is a verification/gating layer that uses LLMs to generate and critique artifacts. Declared requirements (npx/node and an LLM API key such as OPENAI_API_KEY) match that purpose. Optional config files (~/.moltblock/moltblock.json) are plausible for policy customization.
Instruction Scope
SKILL.md instructs the agent to call the moltblock CLI (npx or installed binary) with a task description, and to read optional local config files. It explicitly states it only performs policy checks and does not execute code. This is coherent, but users should note that submitted task text and artifacts will be sent to the configured LLM provider (possible data exposure).
Install Mechanism
Install is via npm (moltblock@0.11.8) and npx usage is recommended. npm is a standard distribution channel; this is moderate but expected risk for a Node CLI. No arbitrary download URLs or extract steps are present.
Credentials
The skill declares a primary LLM API key (OPENAI_API_KEY) and optional provider keys (ANTHROPIC_API_KEY, GOOGLE_API_KEY, ZAI_API_KEY). Those map directly to the stated need to call LLM backends. There are no unrelated or excessive environment or credential requests.
Persistence & Privilege
always:false and no special OS restrictions or system-level config writes are requested. Optional config file reads are proportional for policy customization. The skill does not request permanent platform privileges.
Assessment
This skill appears to do what it says: it sends tasks to an LLM provider, runs policy checks, and returns verification results. Before installing, consider: (1) Use npx to avoid a global install if you prefer no persistent package; (2) Any task text and generated artifacts will be transmitted to the LLM provider tied to the API key — do not submit secrets or sensitive data unless you trust the provider and the key's scope; (3) Prefer a limited-scope API key for verification only; (4) If you need higher assurance, review the published npm package and GitHub repo code (moltblock@0.11.8) to confirm there are no unexpected behaviors beyond the documented CLI usage.

Like a lobster shell, security has layers — review code before you run it.

latestvk971qqakbesqwqm1418yqh3vjn834m6v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Any binnpx, node
Primary envOPENAI_API_KEY

Install

Node
Bins: moltblock
npm i -g moltblock@0.11.8

Comments