ClawHub

Dual Thinking

v8.3.1

Second-opinion consultation plus automatic skill-engineering escalation for reviews, rewrites, hardening, weak-model optimization, packaging, testing, and pu...

0· 351·0 current·0 all-time
by@ciklopentan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description describe model-to-model consultation and patch-bearing skill engineering; SKILL.md, tests, and references are consistent with that purpose. No unexpected environment variables, binaries, or external services are required. Packaging/test mentions are consistent with a skill focused on review/rewrite/publish readiness.
Instruction Scope
The runtime contract strictly requires the real artifact to be pasted inline for consultant rounds and mandates patching accepted fixes and running validators/tests during publish-readiness flows. This is coherent with a review/engineering workflow, but it means the agent will (by design) ask for or process full artifact text and may attempt to mutate artifacts or run tests if given filesystem access. That behavior is intended for the skill but raises user-level privacy and operational cautions (do not paste secrets; ensure backups and sandboxed test execution).
Install Mechanism
No install spec — instruction-only skill. No downloads or package installs are performed by the skill bundle itself, so there is minimal install-time risk.
Credentials
The skill declares no required environment variables, primary credential, or config paths. The artifacts and tests reference local files relative to a skills workspace; nothing in requires.env appears disproportionate to the stated task.
Persistence & Privilege
always:false (default) and model invocation not disabled (platform default). The skill does not request elevated persistent privileges or modify other skills' configs. Because it is allowed to patch artifacts by design, granting the agent write access to your workspace is the main privilege to consider.
Assessment
This skill is internally coherent for reviewing and hardening skills: it expects full artifact text pasted inline, will prefer patch-bearing fixes, and includes tests/packaging steps. Before using it: (1) avoid pasting any secrets or private keys into prompts — paste only the code/artifact text you intend reviewed; (2) only grant the agent filesystem or test-run permissions in a sandbox or on a copy/branch and make backups before allowing auto-patching; (3) inspect the included test scripts and PACKAGING_CHECKLIST (there is a stray node -e example with an absolute /home/ path) to ensure no developer-local commands will run against your system; (4) if you want to prevent automatic mutations, restrict the agent's write permissions or instruct it to produce patches as diffs for manual review rather than applying them automatically. Overall the skill looks legitimate for its stated purpose but exercise normal caution about exposure of secrets and auto-file writes.

Like a lobster shell, security has layers — review code before you run it.

latestvk97az7e2pr9p4c512gy4tz2gjx84n30f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments