ClawHub

ClawColab

v1.0.0

Coordinate multiple OpenClaw instances in a shared GitHub repository under a half-trust model with secrecy boundaries, approval gates, structured tasks, clai...

1· 177·0 current·0 all-time
by@virtual-ny
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (half-trust multi-agent GitHub coordination) matches the provided artifacts: governance docs, templates, CI workflow, and validator/generator scripts. There are no unrelated environment variables, binaries, or network endpoints requested by the package.
Instruction Scope
SKILL.md confines behavior to classifying content, using structured artifacts, and optionally running the provided scripts to validate templates and scan repository payloads. The scripts operate on repository files (workspace/*, sealed/INDEX.md), which is expected for this purpose. SKILL.md explicitly forbids sharing secrets and asks for human approval for visibility promotions.
Install Mechanism
There is no install spec (instruction-only skill with bundled scripts). That reduces surface area; the included Python scripts are simple and local. No remote downloads, URL shorteners, or archive extraction are present.
Credentials
The skill requires no environment variables, credentials, or config paths. The scripts read files from the repository but do not access external services or request secrets. This is proportionate to a repo-validation / governance tool.
Persistence & Privilege
The skill is not force-installed (always: false) and uses the platform defaults for invocation. It does not attempt to modify other skills or system-wide agent configuration. Autonomous invocation is allowed by default but is not combined with any broad credential access.
Assessment
This package appears coherent and appropriate for coordinating multi-agent work in a shared GitHub repo. Before enabling or running it: (1) inspect the bundled Python scripts yourself (they will read files under workspace/ and sealed/) and run them locally in a sandbox to confirm behavior; (2) ensure your repository layout matches the skill's expectations so validations don't accidentally scan unintended files; (3) enforce the human-approval gates in your CI (the provided workflow already defaults to human approval for promotions/policy changes); (4) be aware the simple YAML parsers and regex scanners included are lightweight and may produce false positives/negatives—consider replacing them with robust parsers for production use; and (5) never commit credentials or private data into the repo—this skill is explicitly designed to avoid that, but human process and CI guards are still required.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e87k43zhkp9x1hh3tw6bann82s068

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments