ClawHub

C Support Library

v1.0.0

C Language Support Library for OpenClaw skills. Provides AST parsing, CMake analysis, Unity test generation, and security rule checking for C projects.

0· 33·0 current·0 all-time
by@michealxie001
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (C AST parsing, CMake analysis, Unity test generation, security rules) match the included Python modules and tests. The code implements parsers, rule checks, and test generators consistent with the declared purpose; no unrelated environment variables, external services, or unexpected binaries are requested.
Instruction Scope
SKILL.md asks the agent to read/write files and execute commands (tools: read, write, exec). The bundled code legitimately reads source/CMake files and the test harness writes sample files to /tmp. The exec capability is plausible (the parser imports subprocess and tree-sitter may need native components), but granting exec increases risk — inspect any runtime subprocess calls before running in a privileged environment.
Install Mechanism
No install spec is embedded; dependencies are listed in requirements.txt (tree-sitter, tree-sitter-c, pycparser). Those are standard PyPI/native-binding packages. No downloads from unknown URLs or archive extraction steps are present in the skill metadata.
Credentials
The skill declares no required environment variables or credentials. The security-checking code looks for hardcoded credentials (patterns for passwords/AWS keys) but does not request any secrets. That detection behavior is appropriate for a security rule checker.
Persistence & Privilege
always:false and default invocation settings are used. The skill does not request persistent system-wide changes or modify other skills' configs in the provided files. It will run only when invoked.
Assessment
This package appears to implement exactly what it claims (C parsing, CMake analysis, Unity test generation, and security checks). Before installing or running it, do the following: (1) review the code paths that call subprocess/exec or tree-sitter initialization to understand what external programs or native builds may run; (2) run the test suite in an isolated/sandbox environment (container/VM) because tests write to /tmp and parsing libraries may build native extensions; (3) do not provide any secrets or elevated privileges to the environment where you run it; (4) if you plan to integrate this into an automated agent, limit the agent's exec rights or inspect subprocess invocations to avoid unexpected shell commands.

Like a lobster shell, security has layers — review code before you run it.

latestvk979dv7s3r6w7y5zqv2rmyvh0n8435v8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments