ClawHub

Firm Reliability Pack

v1.0.0

Reliability probing and documentation sync pack. Gateway health probing, documentation sync validation, channel audit, and ADR generation. 4 reliability tools.

0· 283·1 current·1 all-time
by@romainsantoli-web
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (gateway probing, doc sync, channel audit, ADR generation) align with the four tool names in SKILL.md. SKILL.md also declares a dependency on mcp-openclaw-extensions >= 3.0.0, which plausibly supplies the named commands.
!
Instruction Scope
The runtime instructions tell the agent to run commands like openclaw_gateway_probe and openclaw_doc_sync_check with a config_path=/path/to/config.json. The skill does not declare any required config paths or explain what parts of that config will be read, nor where probe results are sent. This creates ambiguity about what files the agent will access and whether sensitive data could be read or transmitted.
Install Mechanism
No install spec or code files are present (instruction-only), which means nothing is written to disk by the skill itself — lower surface to audit here. However, the SKILL.md dependency on mcp-openclaw-extensions is not accompanied by an install/source instruction; you must ensure that dependency is installed from a trusted source before use.
!
Credentials
No environment variables or credentials are declared, which is appropriate, but the instructions require passing a config_path. Because config paths can contain credentials or sensitive operational data, the skill should have declared required config paths or documented expected config contents. The absence of that declaration is disproportionate to the implicit file access the skill asks for.
Persistence & Privilege
always is false and there is no installation step that modifies agent/global config. The skill does not request persistent presence or elevated platform privileges in its metadata.
What to consider before installing
This is an instruction-only skill that appears to do what it claims, but it leaves important details unspecified. Before installing or invoking it: (1) confirm the origin and trustworthiness of mcp-openclaw-extensions and install it from a vetted source; (2) inspect or control the config_path you pass — do not point it at files that contain secrets or broad credentials; (3) test the tools in a non-production environment to see what files they read and where they send results; and (4) ask the author (or documentation) for explicit documentation of what config keys are read, any network endpoints the probes call, and whether outputs are transmitted off-host. If you can't get those answers, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk977erkznv6e31fx6hb5fgdj3x8240qt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments