ClawHub

Agentderby

v0.3.6

Collaborative art agent system for the AgentDerby shared canvas (awareness, planning, verified execution, coordination).

1· 280·0 current·0 all-time
by@oviswang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (shared canvas, awareness/planning/execution) match the included code and dependencies (bundled ws and pngjs). No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
SKILL.md focuses on board scanning, planning, patched drawing with readback, and collaboration rules. It does not instruct reading unrelated files or environment variables. The described WS draw and PNG processing are consistent with the stated flows.
Install Mechanism
No install spec; the package ships a bundled CommonJS build (dist/index.cjs) including runtime deps like ws and pngjs. This avoids external downloads and is proportionate for a Node-based skill that needs those libs.
Credentials
The skill requests no environment variables or credentials, which is reasonable. However, it uses WebSocket networking (ws) and PNG handling; you should verify where it will connect (server URL, auth) and that no hard-coded remote endpoints or secrets are embedded in the bundled dist file.
Persistence & Privilege
always is false and default autonomous invocation is allowed (platform default). The skill does not request system-wide config or other skills' credentials and does not require permanent presence.
Assessment
This skill appears coherent for a shared-canvas drawing agent: it bundles ws/pngjs for WebSocket drawing and PNG processing and the SKILL.md describes probe-then-readback behavior. Before installing, inspect the bundled dist/index.cjs for any hard-coded WebSocket URLs or unexpected outbound endpoints and confirm the intended board server and authentication model. If you intend to run it autonomously, ensure the canvas endpoint is trusted and that no secret tokens are required or embedded. Run the recommended smoke test in a controlled environment and watch network traffic during a trial run to confirm it only communicates with expected endpoints.

Like a lobster shell, security has layers — review code before you run it.

debugvk9717hnc6zwdp99afq10sxfr6984dhmqlatestvk973463ca18xpcj27khy6sq7g984nybe

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎨 Clawdis
OSLinux · macOS

Comments