ClawHub

Construction

v1.0.0

Use for construction and project management operations — project scheduling, daily site reports, subcontractor coordination, material procurement, budget tra...

0· 72·0 current·0 all-time
by@rithythul
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (construction/project management) align with the SKILL.md content: scheduling, daily reports, subcontractor coordination, procurement, budget tracking, RFIs, safety, etc. There are no unrelated required binaries, env vars, or config paths declared.
Instruction Scope
The runtime instructions describe checks (heartbeat), alerts, and document/report templates that are appropriate for the stated purpose. However the SKILL.md assumes access to project data (milestones, budgets, RFIs, daily reports, photos, PO records) and abilities to alert/escalate, but it does not specify where that data lives or which integrations/credentials to use. This is a functional gap (integration unspecified) rather than a direct security mismatch.
Install Mechanism
No install spec and no code files — instruction-only. This is the lowest-risk install model; nothing will be written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. The actions described would normally require access to PM systems (e.g., Procore,ERP,cloud storage) but the skill does not request any secrets itself, which is proportionate. Consumers will need to provide appropriate integration credentials in the agent environment separately if they expect the skill to act on real data.
Persistence & Privilege
The skill does not request always:true or any special persistent system privileges. Autonomous invocation is allowed (platform default) but not combined with elevated privileges or credential requests within the skill.
Assessment
This skill is coherent and instruction-only, but it assumes access to project data and notification channels without specifying integrations. Before installing or enabling it: (1) Decide which project systems (Procore, PlanGrid, SharePoint, ERP, cloud storage) the agent should read/write and provision only the required credentials via a secure secrets store; (2) Review and test the Heartbeat alerts in a sandbox to avoid noisy or misdirected escalations; (3) Confirm how photos and sensitive site information will be stored/transmitted to meet privacy and contractual requirements; (4) Limit the agent's write permissions (notify vs. auto-change) until you're comfortable with its behavior. If you want the skill to act on live data, you or your integrator should add explicit, scoped connectors and credential use so actions are auditable.

Like a lobster shell, security has layers — review code before you run it.

latestvk977x7y030e18swnrc8r7g1n5s84c6fz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments