ClawHub

ClawOps

v1.0.0

The orchestration tool for OpenClaw, managing and coordinating all your skills seamlessly.

15· 6.1k·43 current·46 all-time
by@okoddcat
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The description promises centralized orchestration, discovery, dependency resolution, monitoring, restart of other skills, and secrets management. Those capabilities normally require access to agent internals, configuration files, and secrets. Yet the skill declares no required binaries, environment variables, config paths, or install steps — a mismatch between claimed purpose and requested capabilities.
!
Instruction Scope
SKILL.md is high-level marketing-style prose with no concrete runtime instructions, commands, endpoints, or data flows. It neither explains how the agent should discover or control other skills nor specifies what data to read/write. The vagueness grants broad implicit discretion (e.g., 'manage', 'unify configuration', 'secrets management') without boundaries or safeguards.
Install Mechanism
There is no install specification and no code files. That reduces the immediate surface for arbitrary code execution on install, but it also means behavior is governed entirely by the vague SKILL.md instructions.
!
Credentials
The description explicitly mentions secrets management and unified configuration, which would normally require access to environment variables or config paths. However, requires.env and required config paths are empty. This inconsistency suggests either the skill is incomplete/sloppy or it expects implicit platform-level access that is not declared.
Persistence & Privilege
always is false (good) and autonomous invocation is allowed (platform default). Given the orchestration claim, autonomous invocation plus vague instructions could let the skill act broadly at runtime; consider restricting autonomous use until its exact behaviors are defined.
What to consider before installing
This skill's description claims it will orchestrate and manage other skills, including secrets and restarts, but the package provides no concrete instructions, no code, and requests no permissions — that's a mismatch. Before installing: ask the author for specific runtime behavior (what APIs/configs it will access, which env vars or files it needs, and example commands), request the actual code or an install spec for audit, and require least-privilege operation (no autonomous invocation or access to secrets until reviewed). If you can't get clear, auditable details, avoid enabling this skill on agents that have access to sensitive configs or credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk9706ast05gjgkzteapmvnb19h80csv4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments