ClawHub

Nonprofit

v1.0.0

Use for nonprofit and NGO operations — donor management, grant tracking, fundraising campaigns, volunteer coordination, program impact measurement, board gov...

0· 58·0 current·0 all-time
by@rithythul
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the SKILL.md content: donor management, grant tracking, volunteer coordination, reporting templates and heartbeat checks. There are no unrelated required binaries, env vars, or install steps; the requested capabilities are coherent for a nonprofit/NGO operations helper.
Instruction Scope
SKILL.md instructs the agent to check grant deadlines, donor acknowledgments, pledges, volunteer shifts, board materials and to generate outreach drafts and reports. The instructions are domain-appropriate but somewhat open-ended about data sources (CRM, accounting system, calendars, email). That means the agent will need access to those systems to implement the tasks — the spec itself does not limit which connectors or files to read.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is the lowest-risk delivery method: nothing is written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. However, many of the actions described imply handling sensitive PII and financial records (donor data, tax receipts, grant agreements) — such access would come from platform connectors, not from this skill's declared requirements.
Persistence & Privilege
always is false (normal). disable-model-invocation is false (normal autonomous invocation). No instructions to modify other skills or system-wide settings. Autonomous invocation plus unspecified connectors is a policy/configuration concern but not an intrinsic incoherence in the skill.
Assessment
This skill appears coherent for nonprofit operations and contains no built-in installers or credential requests. Before enabling it: (1) review and limit which external connectors (CRM, accounting, calendar, email) the agent is allowed to use — grant only the minimum permissions needed; (2) confirm where donor PII and financial data will be read/stored and ensure compliance with privacy/finance policies; (3) test in a sandbox environment with mock data before connecting real systems; (4) set explicit safeguards for actions that send donor communications, sign grant agreements, or perform financial operations (require human sign-off); and (5) if you are uncomfortable with autonomous runs accessing sensitive systems, restrict the skill so it must be user-invoked or disable autonomous invocation in your agent settings.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bk8cdwjv3atjs61j9e16pg984czqx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments