ClawHub

Code 1.0.4

v1.0.0

Coding workflow with planning, implementation, verification, and testing for clean software development.

0· 1.7k·31 current·32 all-time
by@lion504
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (coding workflow, planning, verification) matches the included instruction files that focus on planning, execution guidance, verification, and storing user preferences in ~/code. However, there are inconsistencies in the package metadata: the registry owner ID and the _meta.json ownerId do not match, and version numbers differ (skill is labeled 1.0.4 in files but registry metadata shows 1.0.0). Those mismatches are unexplained and could indicate packaging or provenance issues.
Instruction Scope
SKILL.md and supporting files keep scope local and user-driven: they instruct reading ~/code/memory.md and the user's project, only store preferences on explicit request, and declare no network access. A potential ambiguity: execution.md says 'When user approves a step: 1. Execute that step' — it's not explicit whether 'execute' means 'perform guidance actions (create files, run commands) on the host' or simply 'describe how to execute'. That ambiguity affects whether the agent might run commands in the project (with user approval) and should be clarified. Otherwise the instructions avoid reading unrelated system files and avoid autonomous actions.
Install Mechanism
No install spec and no code files — instruction-only skill. That is the lowest-risk install pattern (nothing is downloaded or written by an installer). The skill does mention creating ~/code on first use, which is a benign, explicit file-system write if the user consents.
Credentials
The skill requests no environment variables, no credentials, and no config paths beyond ~/code/memory.md. That is proportionate for a local coding workflow assistant.
Persistence & Privilege
always:false and no special privileges are requested. The skill intends to persist only a user-managed ~/code/memory.md file on explicit user request. It does not claim to modify other skills or system-wide settings.
What to consider before installing
This skill looks like a sensible, local coding-workflow guide, but there are a few things to check before installing or trusting it: 1) Metadata mismatch — the owner ID and version strings differ between the registry and the included _meta.json; ask the publisher or registry to explain and confirm provenance. 2) Clarify the meaning of 'Execute that step' — confirm whether the agent will only provide command text or whether it may actually run commands on your machine (even with your approval). 3) Remember the skill will create ~/code and may read your project files to provide contextual guidance; avoid running it in environments with sensitive secrets unless you review what the agent is asked to read. 4) Prefer skills with verifiable authorship (known owner, linked homepage or repository) if you need higher assurance. If you want, ask the publisher to fix the metadata inconsistencies and to explicitly state whether the agent will run commands or only provide instructions.

Like a lobster shell, security has layers — review code before you run it.

latestvk97avqg3bzsbxcrn0h0nv3axw181r9dm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💻 Clawdis
OSLinux · macOS · Windows

Comments