ClawHub

Skill Param Confirmer

v1.0.1

Downstream skill execution preflight layer. It inspects a target skill, extracts explicit and implicit confirmation fields, normalizes candidate parameters,...

0· 69·0 current·0 all-time
byAGI2Go@pm-geeker
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name, description, and SKILL.md consistently describe a preflight/confirmation layer that inspects downstream skill metadata, extracts candidate parameters, classifies risk, prompts the user, and returns a normalized parameter package. There are no unexpected required binaries, env vars, or install steps.
Instruction Scope
The instructions legitimately reference using current user message, prior conversation history, and session state to form candidate parameters. This is expected for a confirmer, but it does mean the skill will operate over conversational context and any metadata passed to it. Ensure downstream metadata does not include secrets or sensitive values you don't want re-surfaced; the SKILL.md does not explicitly forbid handling credentials or other sensitive fields.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk distribution model. Nothing will be written to disk by an installer because there is no installer.
Credentials
The skill declares no environment variables, credentials, or config paths. Its stated inputs (downstream metadata and session context) are proportionate to its purpose. Note: if downstream skills include credentials in their metadata, the confirmer will by design examine those values unless callers sanitize them.
Persistence & Privilege
No always:true, no install-time persistence, and no request to modify other skills or system-wide config. Autonomous model invocation is allowed (platform default) which is appropriate for this utility, but this combined with access to conversational context means it can be invoked during flows — this is expected and not inherently problematic.
Assessment
This skill appears to do what it says: inspect downstream metadata and confirm parameters with the user. Before installing or enabling it broadly: (1) verify how downstream skills will provide metadata — never include raw secrets or credentials in metadata passed to this skill; prefer placeholders that require re-entry at confirmation time; (2) ensure confirmation prompts explicitly label and treat sensitive fields (passwords, API keys, private identifiers) so they are not accidentally logged or forwarded; (3) review and audit typical downstream metadata you expect to pass to this confirmer to ensure no unexpected config or third-party endpoints are embedded; and (4) if you want stricter control, restrict the skill's use to user-invoked flows (avoid automated/autonomous invocation) or require explicit policy that the skill must never auto-forward credentials to external parties. Confidence is medium because this is an instruction-only skill (no code to audit), so its real behavior depends on how your agent supplies metadata and enforces handling rules.

Like a lobster shell, security has layers — review code before you run it.

latestvk974keyyp4pqgjj74vg9ss12j9848zyx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments