ClawHub

Graceful Boundaries

v1.2.0

Assess any API or website's Graceful Boundaries conformance level and provide concrete guidance for reaching the next level. Use this skill when the user ask...

0· 94·0 current·0 all-time
bySam Rogers@snapsynapse
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (assess Graceful Boundaries conformance) matches the included docs, checker, and builder code. All requested actions (HTTP fetches, adding structured error responses) are coherent with the stated purpose.
Instruction Scope
SKILL.md and builder instructions limit activity to HTTP inspection and source-code changes for implementing the spec. The audit explicitly disallows hammering endpoints to trigger 429s and does not instruct reading unrelated files or secrets.
Install Mechanism
No install spec is declared (instruction-only), which is low risk. The bundle includes Node.js scripts (evals/check.js, tests) that the SKILL.md suggests running as an optional accelerator, but the skill metadata does not declare 'node' as a required binary — a minor documentation inconsistency. There are no downloads or remote install URLs in the bundle.
Credentials
The skill requests no environment variables, credentials, or config paths. All operations are network calls to the user-provided target URL or local code edits (builder). No unrelated secrets are requested.
Persistence & Privilege
always:false and normal autonomous invocation settings. The skill does not request permanent system presence or modify other skills' configs. The builder variant performs code edits in the current project (expected for a builder skill) — this is normal but impactful, see user guidance.
Assessment
This bundle appears coherent and safe for its stated purpose. Notes before you install or allow the agent to run it: (1) The package contains Node.js scripts you can run locally (node evals/check.js) but the skill metadata doesn't list 'node' as a required binary — ensure your runtime supports Node or run the scripts in a local sandbox. (2) The builder skill is designed to modify your project's source files to add error handlers/endpoints — back up your code, review diffs, and run tests before committing changes. (3) The audit explicitly warns not to 'hammer' services to induce 429s; follow that guidance. If you want a tighter assessment, provide the runtime environment (can the agent run node?), or confirm whether you will permit the agent to edit repository files autonomously; that would affect risk posture.

Like a lobster shell, security has layers — review code before you run it.

latestvk978gy3atp7nsewy2fj7kdjfsh84egva

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments