ClawHub

Nm Leyline Risk Classification

v1.0.0

Inline risk classification for agent tasks using a 4-tier model. Hybrid routing: GREEN/YELLOW use heuristic file-pattern matching, RED/CRITICAL escalate to w...

0· 46·1 current·1 all-time
by@athola
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (risk classification, hybrid routing) match the SKILL.md contents: pattern-based heuristics for GREEN/YELLOW and escalation to Skill(attune:war-room-checkpoint) for RED/CRITICAL. Declared dependency on night-market.error-patterns is plausible for pattern config.
Instruction Scope
Instructions legitimately reference reading task.affected_files, matching file paths, running git status/conflict checks, and executing tests. They also mention checking a 'team inbox' for conflict alerts and performing dependency/import analysis (count_importers). Those actions require repository and project-system access; this is expected for a risk classifier but broadens the skill's runtime read-surface beyond just pattern matching.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written to disk by the skill itself.
Credentials
No environment variables or credentials are required, which is proportionate. The only required config path is night-market.error-patterns; the SKILL.md also embeds pattern rules, so the explicit config requirement is plausible but not fully explained and should be checked.
Persistence & Privilege
always:false and no claims of modifying other skills or system-wide settings. The skill invokes other skills (attune:war-room-checkpoint) for escalation, which is expected; autonomous invocation of that skill is possible but normal for the platform.
Assessment
This is an instruction-only risk-classification skill and appears coherent with its stated purpose. Before installing, ensure you understand and permit the agent's access to: the repository (to read affected_files and run import/coverage analysis), your test runner (it may run related or full test suites for RED), and any project inbox or conflict-tracking system referenced. Check the night-market.error-patterns config (the skill declares this path) and verify the external skill attune:war-room-checkpoint (used for high-risk escalation) is trusted in your environment. No credentials are requested by this skill, but granting repository/test access is needed for it to work and increases the surface area — if you want a smaller blast radius, restrict the skill to read-only repo access or require human approval before escalation to war-room steps.

Like a lobster shell, security has layers — review code before you run it.

latestvk971q0mg77abdpzerg7y5dtjh584s17t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦞 Clawdis
Confignight-market.error-patterns

Comments