Security Best Practices
v1.0.0
Review code with secure-by-default standards, prioritize exploitable risks, and deliver minimal-diff fixes with evidence and regression checks.
by Iván (@ivangdavila)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign · high confidence
Purpose & Capability
The name and description (security reviews, prioritized findings, minimal diffs) align with the actual content: review playbook, severity model, remediation patterns, and templates. The only required artifact is a local config path (~/security-best-practices/), which is coherent for a review memory store.
Instruction Scope
SKILL.md limits actions to asking consent, creating/using local memory files, loading the minimum necessary files, and following a documented review workflow. There are no instructions to read unrelated system files, exfiltrate data, or call external endpoints. The skill explicitly states to ask before persisting data.
Install Mechanism
No install spec or code files are present; this is instruction-only, which minimizes disk-write risk. There is no download/extract/install behavior to evaluate.
Credentials
No environment variables, binaries, or credentials are requested. The only resource required is a local directory for optional memory and logs; that is proportionate for a review workflow. Note: the files stored there could contain sensitive code snippets or findings, so disk access protections matter.
Persistence & Privilege
The skill may create and reuse local memory in ~/security-best-practices/ after explicit consent (always:false). Autonomous model invocation is allowed (platform default), but the skill does not request elevated system privileges or modify other skills. Consider the persistence trade-off: local files will remain until removed and may contain sensitive findings.
Assessment
This skill appears coherent and safe as an instruction-only security review helper. Before installing or enabling it:
1) Confirm you are comfortable with it creating ~/security-best-practices/ and storing sensitive findings there; require explicit consent to create that directory.
2) Ensure that directory has appropriate file-system protections (permissions, disk encryption, backups), because it may hold code snippets or vulnerability evidence.
3) Be cautious before using any offered 'clawhub install' related skills; they are optional third-party installs.
4) If you need networked reviews or CI integration, verify any follow-up steps explicitly (the skill itself declares no external exfiltration).
If you want extra assurance, request the author/source or a signed provenance for the skill before wide deployment.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97862fzjwrmtz7stbbxqs5rzn81z297
Runtime requirements
🛡️ Clawdis
OS: Linux · macOS · Windows
Config: ~/security-best-practices/
