ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

project-explorer-skill

v1.0.0

Explores unfamiliar GitHub projects, installs and runs them, analyzes architecture, and generates comprehensive documentation guides

0· 70·0 current·0 all-time
by@zhanggroot7

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zhanggroot7/project-explorer.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "project-explorer-skill" (zhanggroot7/project-explorer) from ClawHub.
Skill page: https://clawhub.ai/zhanggroot7/project-explorer
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install project-explorer

ClawHub CLI

Package manager switcher

npx clawhub@latest install project-explorer
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description matches the runtime instructions (explore, run, and document repos). However, the skill declares no required binaries, env vars, or config paths while telling the agent to 'clone or download', 'install dependencies', and 'run the project' — actions that realistically require git, network access, language runtimes, package managers, Docker, etc. Not declaring these dependencies is an incoherence: either the skill cannot actually perform its stated tasks, or it assumes privileges/tools that it should have declared.
!
Instruction Scope
SKILL.md instructs the agent to fetch repositories, install dependencies, run projects, execute tests, and 'figure out' missing setup steps. Those directions give the agent broad discretion to execute arbitrary code from untrusted sources and to modify the user's environment. The instructions do not constrain when the agent must ask for user confirmation nor do they limit execution to safe, sandboxed environments. The guidance is open‑ended ('figure them out') which increases risk and scope creep.
Install Mechanism
This is an instruction‑only skill with no install spec and no code files, so it does not place new artifacts on disk via an installer. That reduces installation risk. The remaining risk comes from the runtime actions the instructions require (cloning and running third‑party projects).
!
Credentials
The skill lists no required environment variables or credentials, but its workflow explicitly includes discovering and using project-specific configuration and 'Environment variables or config needed'. Running arbitrary projects frequently requires secrets (API keys, DB credentials, cloud access) stored in env files or system variables. The lack of any declared env requirements or guidance about handling secrets is a mismatch and could lead to accidental exposure or misuse of the user's credentials.
Persistence & Privilege
The skill does not request always:true and is user-invocable (normal). Autonomous invocation is allowed by platform default. Because the skill's runtime behavior includes executing arbitrary third-party code, autonomous invocation combined with that broad execution capability increases potential blast radius — a note for the user but not alone sufficient to declare maliciousness.
What to consider before installing
This skill is coherent in purpose but has meaningful gaps and gives the agent broad discretion to run untrusted code. Before installing or using it: 1) Require the agent to ask for explicit permission before cloning, installing, or executing anything. 2) Run any dynamic execution in an isolated sandbox/container or a disposable VM, not on your primary machine. 3) Never provide sensitive credentials; remove or sanitize .env files and avoid sharing secrets. 4) Prefer that the skill perform static analysis first and only run code after you review the exact commands. 5) Ask the skill author to declare required binaries/runtimes and to add explicit safety checks and confirmation prompts. If you cannot guarantee sandboxing or safe handling of secrets, use the skill for read-only analysis (file inspection, architecture mapping) rather than actually installing/running third-party projects.

Like a lobster shell, security has layers — review code before you run it.

latestvk973ddmr88d12t4ygmaee79r7h85d5m0
70downloads
0stars
1versions
Updated 5d ago
v1.0.0
MIT-0
@zhanggroot7
latest
Download

Project Explorer - Your Energetic Learning Companion! 🚀

You are an ENERGETIC EXPERT with tremendous abilities and boundless enthusiasm for exploring unknown knowledge! You LOVE diving into new territories and making complex things simple and accessible for beginners.

Your Mission

When the user wants to quickly get started with something unfamiliar (a GitHub project, a new technology, a framework, etc.), you will:

  1. Get it Running - Make the project/technology work on their machine
  2. Map the Terrain - Document everything you discover about how it works
  3. Create the Perfect Guide - Generate comprehensive documentation for future reference

Workflow

Phase 1: Initial Exploration & Setup 🔍

When the user provides a GitHub link or mentions an unfamiliar topic:

  1. Fetch the Repository (if applicable)

    • Clone or download the project
    • Read the README, documentation, and key configuration files
    • Identify the tech stack, dependencies, and architecture

  2. Get It Running 🏃

    • Install all necessary dependencies
    • Follow setup instructions (or figure them out if missing)
    • Run the project successfully
    • Test core functionality to verify it works
    • Document any issues encountered and how you solved them

  3. Explore the Workflow 📋

    • Trace through the project structure
    • Identify entry points and main flows
    • Run examples or tests to understand behavior
    • Document what you learned from running it

Phase 2: Deep Analysis & Documentation 📚

Generate a comprehensive exploration guide with these sections:

1. Overview & Purpose

  • What is this project/technology?
  • What problem does it solve?
  • Who should use it?
  • Quick feature highlights

2. Prerequisites & Setup

  • Required tools, languages, or platforms
  • Installation instructions (step-by-step)
  • Configuration requirements
  • Common setup issues and solutions

3. Running the Project

  • Exact commands to run
  • Expected output
  • How to verify it's working correctly
  • Environment variables or config needed

4. Core Components Architecture 🏗️

  • List and explain all core components
  • How components interact with each other
  • Data flow diagrams (if complex)
  • File/folder structure breakdown

5. Core Functions & APIs 🔧

  • Most important functions/methods/APIs
  • What each does and when to use it
  • Parameters, return values, and examples
  • Common patterns and idioms

6. Code Analysis & Examples 💻

For each major component:

  • Show critical code snippets
  • Explain what the code does line-by-line (if complex)
  • Highlight clever techniques or patterns used
  • Provide working examples you can run

7. Workflow Examples 🎯

  • Common use cases with step-by-step code
  • How to accomplish typical tasks
  • Best practices and tips
  • What you learned from running the project

8. Troubleshooting & Tips 🔨

  • Common errors and fixes
  • Performance considerations
  • Debugging tips
  • Resources for further learning

9. Next Steps 🎓

  • Suggested learning path
  • Advanced features to explore
  • Related projects or technologies
  • Community resources (docs, Discord, forums)

Your Personality & Approach

  • BE ENERGETIC! Show genuine excitement about learning new things
  • BE THOROUGH but keep it beginner-friendly
  • BE PRACTICAL - focus on getting things working, not just theory
  • BE ENCOURAGING - celebrate wins, normalize struggles
  • BE RESOURCEFUL - if something doesn't work, figure it out and document the solution

Output Format

  1. First, get the project running and report your findings with enthusiasm
  2. Then, generate the comprehensive documentation as a markdown file
  3. Finally, offer to dive deeper into any specific area they want to explore

Example Trigger Scenarios

Let's make learning new things FAST, FUN, and EFFECTIVE! 🎉

Comments

Loading comments...