ClawHub

Clawtrix Saas Intel

v0.2.0

Surfaces the best ClawHub skills for SaaS-focused agents — auth, billing, onboarding, customer lifecycle, and SaaS product patterns. Use when: (1) Onboarding...

0· 63·0 current·0 all-time
bynicobot@nicope
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill claims to surface SaaS-focused ClawHub skills and its runtime steps (read agent mission, search ClawHub, score candidates, output top 3) align with that purpose. However, the SKILL.md uses external commands (curl, jq) and references running a local tool (`clawtrix-security-audit`) and writing to `memory/reports/...` even though the skill declares no required binaries, env vars, or config paths — a small mismatch between declared requirements and what the instructions expect.
Instruction Scope
Runtime instructions explicitly tell the agent to read the agent's SOUL.md, search ClawHub via HTTP APIs, score candidates, and write a report to memory. Those actions are within the stated scope (discovery and recommendation). They do involve reading agent-specific files and writing to agent memory, which is expected for an onboarding/intel skill.
Install Mechanism
There is no install spec and no code files — the skill is instruction-only. That minimizes install-time risk. The only runtime risk is outbound network calls to clawhub.ai as described in the instructions.
Credentials
The skill declares no credentials or secrets and does not require access to unrelated environment variables. It does recommend running a security audit before installing billing-related skills, which is appropriate for the domain.
Persistence & Privilege
The skill is not always-enabled and does not request persistent privileges or to modify other skills or system configuration. It writes reports to the agent's memory, which is normal for a discovery/reporting skill.
Assessment
This skill appears to do what it says (find and recommend SaaS-focused ClawHub skills), but check these practical points before installing: (1) The SKILL.md assumes curl and jq are available — ensure your agent environment provides them or adapt the steps. (2) It reads SOUL.md and writes to memory/reports; confirm you are comfortable with the agent reading that file and storing reports in its memory. (3) The skill makes outbound requests to https://clawhub.ai — verify that endpoint is expected and permitted in your environment. (4) The instructions reference `clawtrix-security-audit` (and a risk multiplier) but do not bundle or declare that tool; ensure you have a trusted security-audit tool available before following the recommendation. (5) Because this skill helps find billing/payment skills (high blast radius), follow its own advice: run a security audit and review any recommended billing/auth skills before installing them. If you want higher confidence, ask the publisher for clarification about the assumed runtime tools (curl/jq) and the provenance of the ClawHub API endpoint.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dtc4wgk0z77h4rvgs8xgs0d83zssm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments