ClawHub

JSON Query Tool

v1.0.0

Quickly extract and filter JSON fields using simple path expressions with optional output as raw, JSON, or tables, without complex syntax or extra dependencies.

0· 62·0 current·0 all-time
by@shenghoo123-png
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, SKILL.md examples, and the provided jsonq.py implementation are consistent: the tool reads a user-supplied JSON file and evaluates simple path expressions, returning raw/json/table output as described.
Instruction Scope
SKILL.md only instructs running the jsonq CLI against a specified <file> and query. The runtime code reads the single file path you pass, parses JSON, and formats output. There are no directives to read other system state, environment variables, or to transmit data externally.
Install Mechanism
This is instruction-only (no install spec), which is low-risk. SKILL.md suggests 'pip install -e .' or chmod +x ./jsonq, but the repository manifest does not include packaging metadata (setup.py/pyproject.toml) or a produced jsonq wrapper — minor mismatch between install instructions and included files.
Credentials
The skill requests no environment variables, credentials, or config paths. The code does not access os.environ or other secrets — requested privileges are minimal and appropriate for a file-based CLI tool.
Persistence & Privilege
The skill is not marked always:true and does not attempt to modify agent/system configuration. It does read files provided to it (expected for this tool), so normal caution about what file paths are passed by automated agents applies.
Assessment
This skill appears to be what it claims: a small, local JSON-query CLI implemented in Python with no networking or credential usage. Before installing or running, consider: 1) the SKILL.md's pip install -e . instruction expects packaging metadata that is not present in the manifest — if you run pip from this source, verify what will be installed or prefer running the script in a virtualenv; 2) the tool reads any file path you give it, so don't let an automated agent call the skill with sensitive file paths (it could print/expose secrets contained in JSON files); 3) as with any code from an unknown source, run the tests and inspect/run the script in an isolated environment (virtualenv or container) before using on sensitive data.

Like a lobster shell, security has layers — review code before you run it.

latestvk978f91jdyk49bneq7kya4p3c584ajqg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments