Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Adapter Audit

v1.0.0

Use this skill to audit CLI adapter projects (like opencli) for missing output fields, then batch-generate fixes and submit PRs. Turns AI agents into adapter...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for allens0104/adapter-audit.

Install the skill "Adapter Audit" (allens0104/adapter-audit) from ClawHub.
Skill page: https://clawhub.ai/allens0104/adapter-audit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install adapter-audit

ClawHub CLI

npx clawhub@latest install adapter-audit
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The SKILL.md describes scanning, modifying adapters, running build/tests, and submitting a PR — all coherent with an 'adapter-audit' purpose. However the registry metadata claims no required binaries or env vars, which is inconsistent: practical execution requires tools like git, node/npm (for npm run build/test), and a mechanism/credential to push branches and open PRs (e.g., GITHUB_TOKEN).
Instruction Scope
Instructions stay on-topic (scan repository files, add fields, run build/test, create a PR). They do not instruct reading unrelated system files or exfiltrating data. Missing are explicit, deterministic steps for authentication and for whether changes should be pushed to a fork or upstream — giving the agent broad discretion about push/PR targets.
Install Mechanism
This is an instruction-only skill with no install spec or code files; that reduces installer risk because nothing is written by the skill package itself.
[!] Credentials
No credentials or environment variables are declared even though the skill's primary function (submitting PRs) typically requires repository write access or a GitHub token. The absence of declared required auth is a mismatch and could result in the agent attempting to use ambient credentials or prompting the user for secrets at runtime.
Persistence & Privilege
The skill is not always-enabled. It will modify local repository files and run build/test commands in the user's workspace — normal for this purpose, but potentially impactful. Because the agent can act autonomously (platform default), if the agent has push privileges the skill could create branches/PRs; the skill itself does not request persistent privileges or alter other skills.
What to consider before installing
This skill is instruction-only and seems designed to edit your repository and create PRs, but the package metadata omits practical requirements. Before installing or running it:

  1. Treat it as a tool that will modify your workspace — run it on a fork or disposable branch.
  2. Expect it to need git, node/npm (to run npm run build/test), and a GitHub auth method (GITHUB_TOKEN or SSH key) to push and open PRs; ask the publisher which credentials are required and how they are used.
  3. Provide least-privilege credentials (e.g., a token scoped only to repo creation/PR for a specific repo or use a fork workflow).
  4. Confirm whether the agent will push to upstream or to your fork and whether it will force-push.
  5. If you cannot safely provide push credentials, consider running the audit in 'dry-run' mode: have the agent generate patch files or a local branch only, then review and push manually.
  6. Ask the publisher to update the skill metadata to declare required binaries and environment variables and to document authentication and PR target behavior.

If you cannot get these clarifications, treat the skill as potentially risky and prefer manual or sandboxed execution.
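
The checks recommended above can be scripted before the agent is given a workspace. The following is an added example, not part of the skill or of ClawHub's scan; the tool list, the variable names GITHUB_TOKEN and GH_TOKEN, the remote name origin and all function names are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks before an agent runs a repo-modifying skill.
# Assumed, not from the skill: tool list, token variable names, remote "origin".

# Print each required tool that is not on PATH; return 1 if any is missing.
missing_tools() {
    rc=0
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || { echo "$tool"; rc=1; }
    done
    return "$rc"
}

# Print the names (never the values) of credential variables the agent would inherit.
ambient_credentials() {
    if [ -n "${GITHUB_TOKEN:-}" ]; then echo GITHUB_TOKEN; fi
    if [ -n "${GH_TOKEN:-}" ]; then echo GH_TOKEN; fi
}

# Reduce an https or ssh GitHub remote URL to lowercase "owner/repo".
repo_slug() {
    printf '%s\n' "$1" |
        sed -e 's#^[a-z+]*://##' -e 's#^[^@/]*@##' -e 's#^[^/:]*[:/]##' \
            -e 's#/$##' -e 's#\.git$##' |
        tr '[:upper:]' '[:lower:]'
}

# Return 0 when origin's push URL is the upstream repository itself, not a fork.
pushes_to_upstream() {  # $1 = repo dir, $2 = upstream URL
    push_url=$(git -C "$1" remote get-url --push origin) || return 2
    [ "$(repo_slug "$push_url")" = "$(repo_slug "$2")" ]
}

# Dry-run hand-off: write commits since $2 as patch files in $3; nothing is pushed.
export_patches() {  # $1 = repo dir, $2 = base ref, $3 = absolute output dir
    git -C "$1" format-patch --quiet -o "$3" "$2"..HEAD
}

# Usage: sh preflight.sh --check <repo-dir> <upstream-url>
if [ "${1:-}" = "--check" ]; then
    missing_tools git node npm || { echo "missing tools listed above" >&2; exit 1; }
    ambient_credentials | sed 's/^/credential visible to the agent: /'
    # Fail closed: only status 1 (a readable, non-upstream push URL) passes.
    status=0; pushes_to_upstream "$2" "$3" || status=$?
    if [ "$status" -ne 1 ]; then
        echo "origin pushes to upstream or is unreadable; use a fork or patches" >&2
        exit 1
    fi
fi
```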

Like a lobster shell, security has layers — review code before you run it.

latest: vk97622tf5bcvtsfqp7zqwg7qfx844d87
78 downloads · 0 stars · 1 version · Updated 3w ago · v1.0.0 · MIT-0

Adapter audit skill

Use this skill when you want to systematically audit and fix CLI adapter projects — for example, scanning all search adapters in opencli for missing url fields and batch-generating patches.

When to use

  • auditing adapter output schemas for missing fields (url, timestamp, thumbnail, etc.)
  • generating batch fixes across many adapters at once
  • preparing multi-file PRs to upstream projects
  • maintaining output consistency across a large adapter registry

Core workflow

1. Scan

Scan all adapters in the target project and classify each by:

  • adapter type (YAML declarative vs TS/JS coded)
  • which output fields are present
  • which standard fields are missing

Standard fields to check:

  • url — direct link to the content item
  • title — content title
  • author — creator/author name
  • timestamp / date — publish or capture time

2. Classify fix type

For each missing field, determine the fix strategy:

Situation | Fix strategy
Field is computed internally but not in columns | Add to columns list
Field is computed but stripped by a map step | Pass through the map step + add to columns
Field is not computed but can be constructed from existing data | Add construction logic + add to columns
Field requires external data not available in the API response | Skip or mark as "needs upstream API change"

3. Fix

Apply fixes using the minimum change principle:

  • For YAML adapters: add field to return object + map step + columns array
  • For TS adapters: add field to return object + columns array
  • Never change existing fields or behavior
  • Only add new fields

4. Verify

After fixing, run the project's existing tests:

npm run build    # ensure TS compiles
npm test         # ensure nothing breaks

5. Submit

Create a single well-documented PR with:

  • clear title describing the scope
  • table showing before/after coverage
  • per-adapter fix type classification
  • risk assessment (should always be "additive only")

Proven example

This skill was used to audit opencli's 33 search adapters:

  • Before: 22/33 (67%) had url in output
  • After: 32/33 (97%) had url in output
  • Fix types used: columns-only (3), map-passthrough (2), construct-from-data (4)
  • Files changed: 9
  • Lines changed: +17 / -10
  • PR: merged within hours, all CI green

Output contract

The audit output should include:

  1. total adapters scanned
  2. per-adapter field coverage table
  3. fix strategy for each missing field
  4. list of files changed
  5. before/after coverage metrics
  6. risk classification

Key rules

  • Never modify existing output fields — only add missing ones
  • Prefer constructing URLs from existing API data over adding new API calls
  • Skip fields that genuinely don't apply (e.g., url for dictionary word lookup)
  • Always verify the constructed URL format is correct for the platform
  • Group all fixes into a single PR for easier review

Quick invocation template

Use /adapter-audit to scan all search adapters in this CLI project for missing url fields, fix them, and prepare a PR.
Please use /adapter-audit to scan all search adapters in this CLI project for missing fields, batch-fix them, and prepare a PR.
