ClawHub

First Principle Analyzer

v2.4.1

Use this skill when analyzing complex problems through first principles. Provides structured 7-phase analysis framework, assumption identification and challe...

0· 154·1 current·1 all-time
by@pagoda111king
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and SKILL.md all describe a 7‑phase first‑principles analysis workflow and the runtime instructions match that purpose (CLI examples, report export, collaboration). Minor inconsistency: package.json and metadata.json reference an entrypoint (src/index.js) and CLI behavior, but no code files / src/ directory are included in the package — the skill is otherwise instruction-only. This is likely benign (documentation/packaging mismatch) but worth noting.
Instruction Scope
SKILL.md confines itself to problem analysis tasks (ask questions, perform 5‑Why, generate reports). It lists agent tools including Read, Write, Bash, and Exec and shows CLI examples (clawhub install, first-principle-analyzer analyze/export/share). There are no instructions to read arbitrary system files, exfiltrate env vars, or call unknown external endpoints. However, the presence of Bash/Exec means the agent could run shell commands when invoked — that capability is powerful but consistent with the documented CLI usage. If you enable the skill, consider whether you want it to be allowed to execute shell commands on your environment.
Install Mechanism
No install specification or remote download is included; the skill is instruction-only and does not write code to disk or pull external archives, which is low risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. SKILL.md does not request secrets or access to unrelated services. This is proportionate to an analysis/reporting skill.
Persistence & Privilege
Flags indicate default behavior (always: false, model invocation enabled). The skill does not request permanent presence or system-wide configuration changes.
Assessment
This skill appears coherent and low-risk: it’s an instruction-only analysis framework that does not request credentials or perform installs. Before enabling or granting execution privileges, consider the following: 1) the SKILL.md lists Bash/Exec — when the skill runs it may execute shell commands on your host; only allow it if you trust the skill/owner or if you will invoke it manually. 2) The package metadata references a CLI entrypoint (src/index.js) but no code is included in the bundle — this is likely a packaging/documentation mismatch; if you expect a local CLI, verify the implementation before running commands like 'first-principle-analyzer analyze'. 3) The 'share' and 'export' commands imply sending reports or writing files — review where exports are sent and avoid sharing sensitive data. 4) If you want stronger assurance, ask the publisher for the missing source, or run the skill in a sandboxed environment or with manual invocation only.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b0x8ec0m8d2qb8zfwhce3kh84ac85

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments