Crunch Compete
v0.1.2Use when working with Crunch competitions - setting up workspaces, exploring quickstarters, testing solutions locally, or submitting entries.
⭐ 2· 704·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Crunch competitions: setup, test, submit) matches the SKILL.md: it directs use of the crunch-cli, creating per-competition venvs, testing locally, browsing quickstarters, and submitting. There are no unrelated required binaries, env vars, or config paths in the registry metadata that would be out of scope.
Instruction Scope
Runtime instructions stay within the competition workflow: creating venvs, pip installing Crunch-related packages from PyPI, running crunch commands, and using the Crunch hub and GitHub API. The skill explicitly requires the user to supply the submission token interactively and instructs the agent to ask before installing unknown packages and not to log tokens. There is no instruction to read unrelated system files or exfiltrate data to unexpected endpoints.
Install Mechanism
This is an instruction-only skill (no install spec). It recommends installing packages from PyPI into isolated virtualenvs and forbids custom URLs or wheel files from unknown sources. Instruction-only status keeps disk-write/install risk low; pip-from-PyPI in a venv is the expected mechanism for this purpose.
Credentials
The registry declares no required env vars or primary credential, which aligns with the skill being interactive. The SKILL.md does require a user-supplied submission token passed via CLI (not an env var) and documents that the CLI will persist it under the project's .crunch/ config. This is expected for a submit workflow but warrants user awareness because persisted tokens on disk are sensitive and depend on the CLI's storage practices.
Persistence & Privilege
always:false and no system-level installs are requested. The skill creates per-project files/venvs and relies on the crunch-cli to store the token under the project's .crunch/ directory — normal for this use case and not an elevation of agent privileges or modification of other skills.
Assessment
This skill appears coherent for Crunch competition workflows, but take these practical precautions before installing or letting an agent run it: 1) Only install crunch-cli and competition SDKs after confirming their source (review the package/project on PyPI/GitHub) — pip packages run code at install time. 2) Use the recommended virtualenvs and do not install into system Python. 3) Be aware the submission token you provide will be stored in the project's .crunch/ directory; review its contents and file permissions and rotate the token if you later suspect compromise. 4) Follow the skill's rule to approve any additional packages before installation (don’t allow silent auto-install of arbitrary PyPI packages). 5) If you want lower risk, perform installation and the first crunch setup yourself locally rather than granting the agent autonomous permission to run install/setup commands.Like a lobster shell, security has layers — review code before you run it.
latestvk971pdyz2bh36qztcqx59nqz9d81dmg7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.