ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Write

v1.0.0

Plan, draft, version, and refine written content with enforced versioning and quality audits.

3· 1.3k·12 current·12 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (writing with versioning and audits) aligns with the provided scripts and docs: workspace init, new piece, edit (with backups), audits, listing, restore, and cleanup. All functionality is local and appropriate for a writing/versioning tool.
!
Instruction Scope
SKILL.md instructs calling scripts under ./scripts/ (e.g., ./scripts/init-workspace.sh), but the provided file manifest lists the shell scripts at repository root (init-workspace.sh, edit.sh, etc.). This path mismatch will break the recommended commands. Also the docs repeatedly require jq for JSON metadata manipulation, but the skill's requirements section lists no required binaries; the runtime instructions and scripts implicitly depend on jq and standard POSIX utilities. Otherwise, the scripts only read/write files under the specified workspace and do not attempt to access unrelated system files or network endpoints.
Install Mechanism
This is an instruction-only skill with bundled shell scripts (no installer downloads or external package installs). Nothing in the package fetches remote artifacts or writes to system-wide locations. Risk is low, but the user should inspect and run scripts in a sandboxed directory initially.
Credentials
The skill declares no environment variables, no credentials, and no protected config paths. The scripts operate solely on a user-specified workspace path. There are no requests for unrelated secrets or external service keys.
Persistence & Privilege
always is false and the skill does not request elevated or permanent platform privileges. Scripts manage only their own workspace files and do not modify other skills or system-wide agent settings.
Assessment
This skill appears coherent and local-only, but do these before using: (1) Fix the path mismatch — either move the script files under a scripts/ directory or update SKILL.md commands to ./init-workspace.sh etc.; (2) Ensure jq is installed (scripts call jq) or update scripts to not require it; (3) Inspect the scripts yourself (they operate on files and delete versions with explicit confirmation) and run init-workspace.sh in a safe test directory first; (4) If you plan to let an autonomous agent run this skill, understand it will create and modify files under the workspace you provide — choose a workspace location you control. If you'd like, I can produce a patched SKILL.md or relocate the scripts so the paths match.

Like a lobster shell, security has layers — review code before you run it.

latestvk979hqrfahz60bjec2y2zwjyks80zd1m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

✍️ Clawdis
OSLinux · macOS

Comments