ClawHub

Ruthless Mentor

v1.0.0

A red-team advisor that challenges assumptions, stress-tests ideas, and gives brutally honest GO/NO-GO feedback. Use when evaluating business ideas, workflow...

0· 121·0 current·0 all-time
by@mpbshhx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill is an instruction-only 'ruthless mentor' and declares the sessions_spawn tool in metadata; spawning a sub-agent is a reasonable and proportionate mechanism for implementing an independent adversarial reviewer.
Instruction Scope
Instructions are narrowly focused on creating a sub-agent with a specific system prompt and model. One minor scope note: the Integration section mentions an optional weekly cron to 'review active-tasks.md' — that implies the sub-agent might be given or read an internal project file. The SKILL.md also instructs pasting the user's idea/plan into the spawned session, which could expose sensitive content to the sub-agent model. These behaviors are within the stated purpose but carry privacy considerations.
Install Mechanism
No install spec or code files; instruction-only skill means nothing is written to disk or downloaded during install.
Credentials
The skill declares no environment variables, no credentials, and no config paths. That is proportionate to its stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent/privileged system presence. It does rely on the sessions_spawn capability, which allows creating sub-agents; this is expected for the described behavior but increases the blast radius if the spawned agent receives sensitive inputs.
Assessment
This skill appears coherent for its stated purpose, but consider these precautions before installing or using it: (1) sessions_spawn gives the skill the ability to create sub-agents — avoid pasting secrets (API keys, passwords, PII) into the prompt or the idea text that you send to the mentor. (2) If you enable the optional cron that reads active-tasks.md, make sure that file doesn't contain sensitive data or secrets. (3) Confirm you trust the skill owner (source/homepage unknown). (4) Limit which models the skill can spawn or audit spawned-session logs if your platform allows it. If you want a higher assurance level, request the skill author publish a verifiable source/homepage and a minimal manifest explaining exactly what the spawned sessions are allowed to access.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dte5dprwp93mfs5kdkg28qd834sv4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔪 Clawdis

Comments