ClawHub

File Versioning

v1.0.0

Provides git-style version control for any file with snapshots, diffs, tags, restore, and auto-watch—no git repository needed.

0· 19·0 current·0 all-time
by@sky-lv
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with the provided SKILL.md and version_engine.js implementation: it implements local, git-like snapshots, diffs, tags, restore, compare, and a watch mode. No unrelated binaries, env vars, or services are requested.
Instruction Scope
Runtime instructions operate on arbitrary file paths and will read file contents to create snapshots (storing text contents inline for files <10MB). This is expected for a file-versioning tool, but it means sensitive files (e.g., secrets, SSH keys) can be captured into .fvsnap if the agent or user snapshots them. SKILL.md does not add unexpected instructions (no exfiltration, no network endpoints).
Install Mechanism
No install spec or external downloads; the skill is instruction-only plus a bundled Node.js script. No URLs or extract/install steps are present.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code only uses local filesystem, path, and crypto modules — no sensitive environment access is requested.
Persistence & Privilege
always:false (default) and the skill does not request persistent platform-wide privileges. It writes snapshot files to a local .fvsnap directory next to tracked files (expected behavior) and does not modify other skills or global agent configuration.
Assessment
This skill is internally coherent and appears to do what it says: local file snapshots and diffs. Before installing or using it, be aware that: - Snapshots are stored locally in a .fvsnap folder next to the tracked file and text content is stored inline for files under 10MB — do not snapshot secrets (password files, private keys, tokens) unless you understand where those snapshots are stored and who can access them. - Consider adding .fvsnap/ to your project's .gitignore and restricting filesystem permissions on the .fvsnap directory (chmod) if you care about confidentiality. - The watch mode runs continuously and will create many snapshots — use with care to avoid storing large amounts of sensitive data. - If you require stronger secrecy, review/modify the code to encrypt snapshots at rest before use. - If you want to be extra cautious, review the full version_engine.js file yourself (it uses only fs/path/crypto and has no network calls or child_process execution in the visible code).

Like a lobster shell, security has layers — review code before you run it.

latestvk97b8f4ydx8ey1xpaek0606qks851wgr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments