ClawHub

God's eye view of your dev repos. Multi-project tracking across GitHub/Azure DevOps. AI learns from your commits to upgrade your agents.md.

v0.1.0

Developer oversight and AI agent coaching. Use when viewing project status across repos, syncing GitHub data, or analyzing agents.md against commit patterns.

1· 3k·15 current·16 all-time
by@infantlab
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description align with the requested binaries (gh, sqlite3, jq) and the included scripts implement GitHub syncing, local file scanning, and agent-file analysis. Required tools match the stated functionality; no unrelated cloud credentials or services are requested.
Instruction Scope
Runtime instructions and scripts operate on repo data, local files, and GitHub via the gh CLI as described. The skill will read agent instruction files from local clones (if configured) or fetch them remotely via gh; it also writes snapshots and analysis results into ~/.god-mode. This is expected, but users should note it will read any paths they configure (local: entries) and will invoke gh which uses your existing authenticated session.
Install Mechanism
No install spec is declared for OpenClaw (instruction-only), and the included setup script runs locally. No remote binary downloads or third-party installers are invoked by the skill itself. The README suggests adding the scripts directory to PATH manually.
Credentials
No environment variables or external credentials are required by the skill; it delegates authentication to provider CLIs (gh/az/glab). That is proportional to its purpose. The only implicit credential exposure is via whatever access your installed gh/az/glab CLIs already have.
Persistence & Privilege
The skill writes data to ~/.god-mode and expects a config at ~/.config/god-mode/config.yaml. It does not request always:true and does not modify other skills. Users should be aware of persistent local storage of repo metadata and agent-file snapshots.
Assessment
What to check before installing: - This skill uses your existing gh/az/glab CLI auth: anything those CLIs can access is accessible to the skill when you run its commands (it does not store tokens itself). Only add projects you trust. - It will read files in any local paths you configure and will fetch file contents from repos via gh; do not point it at directories containing secrets or private materials you don't want copied into ~/.god-mode/cache.db. - The code builds SQL queries by string interpolation in several places; while the author attempts to escape single quotes for some fields, if you plan to expose this to untrusted inputs (e.g., adding project IDs from untrusted sources) review/validate inputs first. - Review the included scripts (they are present in the package) before running setup; setup will create ~/.god-mode and ~/.config/god-mode and may prompt to run an initial sync. - If you need stronger guarantees, run the scripts in a constrained environment or inspect the database contents after a sync to verify what was stored. Overall, the package appears coherent with its claimed purpose; treat it like any tool that uses your existing CLI authentication and stores local copies of repository metadata.

Like a lobster shell, security has layers — review code before you run it.

latestvk9708bbz303mn19n19w48wb5bn80a2an

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsgh, sqlite3, jq

Comments