ClawHub

Skill Doc Formatter

v1.0.0

Formats SKILL.md (OpenClaw/Cursor skill docs) for optimal display on ClawHub. Produces a consistent structure—Description, Installation, Usage with benefit-f...

0· 476·0 current·0 all-time
by@austindixson
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (format SKILL.md for ClawHub) matches the provided files and behavior. The repo contains a formatter (scripts/format_skill_doc.py), templates, and a security checker (scripts/security_review.py). No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md instructs running the formatter against local SKILL.md files and optionally running the bundled security review. The scripts read files in the supplied skill directory, parse frontmatter and sections, and may write output (with --inplace or -o). The security checker inspects files for patterns (subprocess usage, logging, env vars, missing files) but does not send data off-host or execute third-party code. Note: --inplace will overwrite files, so review output before overwriting.
Install Mechanism
No install specification is present (instruction-only with shipped scripts). The tool is run with Python from source; it does not download archives or execute installers. This is low-risk and proportionate for a formatter utility.
Credentials
The skill declares no required environment variables or credentials. The bundled security checker scans code for uses of env vars and secrets but does not itself require or request credentials.
Persistence & Privilege
No persistent/background behavior is requested (always:false). The skill does not modify other skills or global agent settings; it operates on files you point it at.
Assessment
This package appears to do exactly what it says: format SKILL.md files and run a local static security checklist. It's safe to run locally with these caveats: 1) Prefer running without --inplace first (use stdout or -o) so you can review changes before overwriting; 2) The security checker is heuristic (regex-based) and may report false positives/negatives — treat its output as guidance, not authoritative proof; 3) The source/owner is unknown (no homepage), so if you plan to run this on sensitive repositories, review the scripts yourself (they're bundled and small) before use. If you want stronger assurance, inspect scripts/security_review.py and scripts/format_skill_doc.py in full (they are included) or run them in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk9747p7pp6dc4ryza318bzpf2x822d5j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments