ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

docsiphon Doc Corpus Operator

v1.0.0

Use when an agent needs to run Docsiphon through the CLI-first path, export a small documentation subtree, and inspect the resulting audit artifacts without...

0· 60·0 current·0 all-time
byYifeng[Terry] Yu@xiaojiou176

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for xiaojiou176/docsiphon-doc-corpus-operator.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "docsiphon Doc Corpus Operator" (xiaojiou176/docsiphon-doc-corpus-operator) from ClawHub.
Skill page: https://clawhub.ai/xiaojiou176/docsiphon-doc-corpus-operator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install docsiphon-doc-corpus-operator

ClawHub CLI

Package manager switcher

npx clawhub@latest install docsiphon-doc-corpus-operator
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the contents: the packet teaches CLI-first Docsiphon usage (uvx/uv), a scoped export, and inspection of local artifacts. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and references instruct running uvx to fetch and run Docsiphon and to export/inspect site content. This stays within the stated scope, but the demo example includes a third-party target URL (developerdocs.instructure.com) and the flow entails crawling external sites and producing local artifacts — users should be aware that running the demo will retrieve remote site content.
Install Mechanism
There is no install spec (instruction-only), which is low risk. However, the recommended flow runs 'uvx --from git+https://.../docsiphon.git' which fetches and executes code from a GitHub repo at runtime; fetching/executing remote code is expected for a CLI-first package but carries the usual trust risk and should be done in an isolated environment or after code review.
Credentials
The packet declares no environment variables, credentials, or config paths. The lack of secrets is proportionate to the described function.
Persistence & Privilege
Flags are default (not always), no persistent installation mechanism or cross-skill/system config modification is requested. Autonomous invocation is allowed by default but is not combined here with elevated privileges or credential access.
Assessment
This packet is internally consistent and simply documents how to run Docsiphon via the uv/uvx CLI and inspect local export artifacts. Before running the demo: (1) review the remote GitHub repo you will execute with uvx (it will fetch and run code), (2) run the export in an isolated/sandboxed environment if you are unsure about the repo, and (3) avoid pointing the tool at private or sensitive sites unless you intend to export that content and have authorization to do so.

Like a lobster shell, security has layers — review code before you run it.

ai-agentsvk97c43yv77asy1kms8gxjhy5x984m3vfclivk97c43yv77asy1kms8gxjhy5x984m3vfcorpusvk97c43yv77asy1kms8gxjhy5x984m3vfdocsvk97c43yv77asy1kms8gxjhy5x984m3vflatestvk97c43yv77asy1kms8gxjhy5x984m3vflocal-firstvk97c43yv77asy1kms8gxjhy5x984m3vf
60downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
Yifeng[Terry] Yu@xiaojiou176
ai-agentsclicorpusdocslatestlocal-first
Download

docsiphon Doc Corpus Operator

Use this skill when an agent needs to run the current Docsiphon CLI flow and inspect the resulting export artifacts from a repo checkout or uvx path.

Product truth

  • docsiphon is currently CLI-first
  • this packet is a host-native secondary lane
  • the packet teaches export and artifact inspection, not a hosted browser workflow
  • any future MCP-aware surface remains future secondary until it ships its own install contract, verification gate, public packet, and lane truth

Current registry truth

  • ClawHub: not submitted yet
  • OpenHands/extensions: not submitted yet

First-success flow

  1. Follow references/INSTALL.md
  2. Run the small scoped export in references/DEMO.md
  3. Inspect manifest.jsonl, report.json, toc.md, and report.html
  4. Only after the first export works, move to bigger site scopes or custom profiles

Preferred evidence order

  1. references/INSTALL.md
  2. references/DEMO.md
  3. references/CAPABILITIES.md
  4. references/TROUBLESHOOTING.md

Truth language

  • Good: CLI-first
  • Good: scoped export
  • Good: audit artifacts
  • Good: host-native secondary lane
  • Forbidden: hosted platform
  • Forbidden: listed-live without fresh host read-back
  • Forbidden: MCP-first

Read next

  • references/README.md
  • references/INSTALL.md
  • references/DEMO.md
  • references/CAPABILITIES.md
  • references/TROUBLESHOOTING.md

Comments

Loading comments...