ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Runtime Verifier

v1.0.0

Use when a code change must be verified by actually running the app, endpoint, or CLI flow instead of relying only on unit tests.

0· 79·0 current·0 all-time
by@wimi321

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wimi321/runtime-verifier.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Runtime Verifier" (wimi321/runtime-verifier) from ClawHub.
Skill page: https://clawhub.ai/wimi321/runtime-verifier
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install runtime-verifier

ClawHub CLI

Package manager switcher

npx clawhub@latest install runtime-verifier
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the instructions (actually running apps/CLIs to verify changes). However, the skill declares no required binaries or environment details even though runtime verification typically requires specific tools, commands, or startup scripts — a modest mismatch in declared requirements versus expected capabilities.
!
Instruction Scope
SKILL.md tells the agent to 'start the needed app, server, or CLI environment' and to 'execute the runtime checks' but is intentionally vague about what commands to run, what files or env vars to read, and what external endpoints to contact. That open-ended guidance grants broad discretion and could lead the agent to access sensitive files/credentials or make network calls unless constrained by the operator or platform sandboxing.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk by the skill itself, which minimizes installation risk.
Credentials
The skill requests no environment variables or credentials, which is appropriate on its face. However, because the runtime instructions may require invoking local tools or reading env/configuration in practice, the lack of declared dependencies or guidance about permitted secrets is noteworthy.
Persistence & Privilege
Skill is not marked always:true and does not request persistent presence or system-wide configuration changes. Autonomous invocation is allowed (platform default) but not accompanied by other privilege escalations.
What to consider before installing
This skill is coherent with its stated purpose but is intentionally high-level and grants the agent broad ability to run processes and interact with systems. Before installing or using it: (1) require a clear, pre-authorized verification plan that lists exact commands, files, ports, and endpoints the agent may use; (2) run verifications in an isolated sandbox/container or test environment to avoid exposing secrets or production data; (3) avoid providing long-lived credentials — use ephemeral or scoped credentials if external services are needed; (4) ask the skill author to declare required binaries and any expected environment variables; and (5) consider adding explicit guardrails in the prompt or platform (no network access, no reading of ~/ or /etc, etc.) to limit accidental access to sensitive data.

Like a lobster shell, security has layers — review code before you run it.

claude-codevk975tps7tvec1n743zdhq5btq1842qkmextractedvk975tps7tvec1n743zdhq5btq1842qkmlatestvk975tps7tvec1n743zdhq5btq1842qkm
79downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
@wimi321
claude-codeextractedlatest
Download

Runtime Verifier

Use this skill to verify that a change behaves correctly in a running system.

Workflow

  1. Translate the request into a concrete verification plan.
  2. Start the needed app, server, or CLI environment.
  3. Execute the runtime checks exactly as planned.
  4. Report pass/fail per step with evidence.
  5. Clean up any processes or sessions you started.

Guardrails

  • Do not confuse unit test coverage with runtime verification.
  • Prefer observable outcomes over vague confidence statements.
  • Update the verifier instructions if the environment changed and the failure is instruction drift, not product breakage.

Example Requests

  • Actually run the app and prove this change works.
  • Verify this endpoint or CLI flow in a live environment.

Inputs

  • Verification target
  • Expected runtime behavior
  • Environment startup instructions

Outputs

  • Verification plan
  • Pass/fail evidence
  • Cleanup summary

Success Criteria

  • The behavior was exercised in a live runtime.
  • Evidence is explicit.
  • Started processes were cleaned up.

Non-Goals

  • Stopping at unit tests only
  • Vague confidence statements with no evidence

Source Provenance

Derived from src/skills/bundled/verify.ts.

Comments

Loading comments...