ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

File Placement

v1.0.0

Enforces ZERO TOLERANCE file placement rules for documentation and scripts. Use when (1) Creating any .md file, (2) Creating any .sh script, (3) Organizing d...

0· 100·1 current·1 all-time
byToby Morning@urbantech

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for urbantech/file-placement.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "File Placement" (urbantech/file-placement) from ClawHub.
Skill page: https://clawhub.ai/urbantech/file-placement
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install file-placement

ClawHub CLI

Package manager switcher

npx clawhub@latest install file-placement
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (enforce file placement) aligns with the instructions (where to put .md and .sh files). However, the mapping is hard-coded to absolute paths under /Users/tobymorning/Desktop/core/ and AINative-website, which is specific to one developer/environment and unlikely to be appropriate for other users/projects. The skill claims to 'enforce' rules but provides no code or declared hooks (pre-commit, CI, filesystem watcher) to implement enforcement.
Instruction Scope
SKILL.md gives explicit, prescriptive rules and a checklist for "before creating" files. It does not instruct the agent to read secrets or external endpoints. But it implicitly requires the agent/operator to inspect filesystem locations and file creation contexts (e.g., detect root vs docs/ or scripts/). The instructions do not specify how enforcement occurs, how to detect attempted file creation, or how to handle projects with different root paths—so there's a gap between claimed enforcement and actionable steps.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk installation surface. Nothing is downloaded or written to disk by the skill package itself.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets or broad system access in its metadata. The only concern is the use of absolute user-specific paths in the instructions (not a credential issue, but a scope/usability issue).
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent inclusion or elevated platform privileges. There is no code that modifies other skills or global config.
What to consider before installing
This skill appears to be a policy document: it tells an agent or human how to place documentation and scripts, but it does not include any implementation (hooks, watchers, linters) or a way to adapt to other projects. Before installing or relying on it, consider: (1) the rules are tied to /Users/tobymorning/... — if you are not that user, ask for a configurable base path or generalized rules; (2) it claims to 'enforce' but provides no enforcement mechanism — decide whether you need a pre-commit hook, CI job, or linter and implement that separately; (3) test the rules in a non-production repo to ensure the agent won't block legitimate workflows; (4) if you expect an automated agent to act on these rules, explicitly limit filesystem access and clarify how the agent should detect file creation attempts; (5) if you want this as a template, request removal of hard-coded absolute paths and addition of configuration parameters (project root, allowed exceptions). These issues are implementation/usability concerns rather than clear malicious behavior, but they are important to resolve before adoption.

Like a lobster shell, security has layers — review code before you run it.

latestvk977tksqqv875w7av5s349ewg183gjze
100downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Toby Morning@urbantech
latest
Download

File Placement Rules

🚨 ZERO TOLERANCE FILE PLACEMENT 🚨

STRICT RULES

  • FORBIDDEN: Creating .md files in /Users/tobymorning/Desktop/core/ (except README.md, CLAUDE.md)
  • FORBIDDEN: Creating .md files in /Users/tobymorning/Desktop/core/src/backend/ (except README.md)
  • FORBIDDEN: Creating .md files in /Users/tobymorning/Desktop/core/AINative-website/ (except README.md, CLAUDE.md)
  • FORBIDDEN: Creating scripts (.sh) in /Users/tobymorning/Desktop/core/src/backend/ (except start.sh)

REQUIRED LOCATIONS

Backend Documentation → /Users/tobymorning/Desktop/core/docs/

  • Issues/Bugs: docs/issues/ISSUE_*.md, docs/issues/BUG_*.md, docs/issues/ROOT_CAUSE_*.md
  • Testing/QA: docs/testing/*_TEST*.md, docs/testing/QA_*.md
  • Agent Swarm: docs/agent-swarm/AGENT_SWARM_*.md, docs/agent-swarm/WORKFLOW_*.md, docs/agent-swarm/STAGE_*.md
  • API Documentation: docs/api/API_*.md, docs/api/*_ENDPOINTS*.md
  • Implementation Reports: docs/reports/*_IMPLEMENTATION*.md, docs/reports/*_SUMMARY.md
  • Deployment: docs/deployment/DEPLOYMENT_*.md, docs/deployment/RAILWAY_*.md
  • Quick References: docs/quick-reference/*_QUICK_*.md, docs/quick-reference/*_REFERENCE.md, docs/quick-reference/STEPS_*.md
  • Backend Features: docs/backend/RLHF_*.md, docs/backend/MEMORY_*.md, docs/backend/SECURITY_*.md
  • Development Guides: docs/development-guides/CODING_*.md, docs/development-guides/*_GUIDE.md, docs/guides/*_INSTRUCTIONS.md
  • Planning: docs/planning/PRD_*.md, docs/planning/BACKLOG*.md

Frontend Documentation → /Users/tobymorning/Desktop/core/AINative-website/docs/

  • Frontend Features: AINative-website/docs/features/
  • Frontend Testing: AINative-website/docs/testing/
  • Frontend Implementation: AINative-website/docs/implementation/
  • Frontend Issues: AINative-website/docs/issues/
  • Frontend Deployment: AINative-website/docs/deployment/
  • Frontend Reports: AINative-website/docs/reports/

Scripts → /Users/tobymorning/Desktop/core/scripts/

  • ALL test scripts: scripts/test_*.sh
  • ALL migration scripts: scripts/*_migration.sh
  • ALL monitoring scripts: scripts/monitor_*.sh
  • ALL utility scripts: scripts/*.sh

ENFORCEMENT WORKFLOW

Before creating ANY .md file or .sh script, you MUST:

  1. ✅ Check if you're creating it in a root directory
  2. ✅ If yes, STOP and use the appropriate docs/ or scripts/ subfolder
  3. ✅ Choose the correct category based on filename patterns above
  4. ✅ Create in the correct location FIRST TIME, not in root then move later

VIOLATION CONSEQUENCES

Creating documentation in root directories causes:

  • Project clutter and disorganization
  • Wasted time reorganizing files
  • Inconsistent documentation structure
  • Developer frustration
  • Loss of findability for important docs

THIS IS A ZERO-TOLERANCE RULE. ALWAYS use docs/ or scripts/ subfolders.

Reference Files

See references/directory-mapping.md for complete mapping table of filename patterns to required directory locations.

Comments

Loading comments...