ClawHub

Authorization

v1.0.0

Build secure access control with RBAC, ABAC, permissions, policies, and scope-based authorization.

2· 642·3 current·3 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (authorization, RBAC/ABAC patterns, middleware) matches the content: guidance, code snippets, and design patterns. The skill requires no binaries, env vars, or installs, which is proportional for a reference/authoring skill.
Instruction Scope
SKILL.md and the included files are reference material and implementation examples (middleware.md, models.md, patterns.md). They do not instruct the agent to read local files, access environment variables, or make network requests at runtime. Some examples mention secrets (jwt secret) and logging request context; these are illustrative for implementers, not commands for the agent to exfiltrate data.
Install Mechanism
No install specification is present (instruction-only), so nothing will be downloaded or written to disk—lowest installation risk.
Credentials
The skill declares no required environment variables or credentials. Example code references typical implementation artifacts (jwt secret, redis), but the skill doesn't request them. This is proportionate for a design/reference skill.
Persistence & Privilege
always:false and normal model invocation settings. The skill does not request persistent presence or attempt to modify other skills or system-wide settings.
Assessment
This skill is documentation and implementation examples for building authorization systems — it does not ask for credentials, perform installs, or make network requests. It's safe to read and use as guidance. When you copy examples into your code, take care to: (1) supply secrets (JWT secret, Redis credentials) from secure environment/storage, not hardcode them; (2) audit and protect any authorization audit logs (they may contain IPs or user agents); and (3) avoid running unfamiliar external commands like 'clawhub sync' without understanding what they do. If you plan to let an autonomous agent modify your codebase using this guidance, ensure the agent has only the minimal file access necessary and does not have access to other credentials or systems.

Like a lobster shell, security has layers — review code before you run it.

latestvk975bna7n3d3qgs9tv4b4wmss981d38d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔐 Clawdis
OSLinux · macOS · Windows

Comments