ClawHub

Skill Pack Composer

v1.0.0

把多个 Skill 组合成套装,检查 slug、依赖、资源和定位冲突。;use for skills, bundle, packaging workflows;do not use for 混入重复职责的 skill, 忽略依赖冲突.

0· 97·0 current·0 all-time
byvx:17605205782@52yuanchangxing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (skill pack composition, conflict checking) align with the included resources: a template, spec.json, examples, and a local Python audit script that enumerates files, extracts headings, and produces structured reports. The declared requirement (python3) is proportional to the stated purpose.
Instruction Scope
SKILL.md explicitly limits behavior to assembling reports and producing dry-run/auditable outputs; it also suggests invoking the bundled script. The script reads files under the provided directory (Markdown, code, JSON, etc.) to build reports and runs pattern scans for risky tokens. This read-only behavior is expected for a directory-audit tool, but it will surface file contents and 'secret-like' snippets from any directory you point it at.
Install Mechanism
No install spec — instruction-only with a bundled script. The script is local and runs under python3; no external downloads or package installs are performed. This is a low-risk install footprint.
Credentials
No environment variables, no credentials, and no config-path requirements are requested. The tool works with input directories you supply; it does not require unrelated secrets or cloud credentials.
Persistence & Privilege
always is false and the skill does not request permanent presence or modify other skills or system-wide settings. The SKILL.md and script emphasize read-only/dry-run behavior and not performing external publish/write actions without explicit user decision.
Assessment
This skill appears to do what it says: local auditing and report generation for skill bundles using the included Python script. Before running: (1) Review scripts/run.py yourself if the author is untrusted; (2) avoid pointing the tool at directories that contain private keys, passwords, or other sensitive data you do not want put into a report file; (3) use the --dry-run option or redirect output to a local file and inspect it before sharing; (4) run it in a sandbox or container if you want extra isolation. The tool will scan files for 'secret-like' patterns and other risky snippets (it masks long tokens minimally), so treat any generated report as potentially sensitive.

Like a lobster shell, security has layers — review code before you run it.

latestvk972nra2bs2jnb77ff1xdhz1gn838pgf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎁 Clawdis
OSmacOS · Linux · Windows
Binspython3

Comments