ClawHub

Graceful Boundaries

v1.1.0

Assess any API or website's Graceful Boundaries conformance level and provide concrete guidance for reaching the next level. Use this skill when the user ask...

0· 78·0 current·0 all-time
by@snapsynapse
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the included assets: spec, examples, and a conformance checker that inspects discovery endpoints, 429 bodies, and proactive headers. The included test/eval scripts are appropriate for validating Graceful Boundaries conformance.
Instruction Scope
Runtime instructions confine the agent to making direct HTTP requests to the user-provided URL (discovery paths and sample endpoints) and to parsing responses. The SKILL.md explicitly forbids attempting to trigger 429s (no stress/hard probing). The instructions do not ask the agent to read local secrets, system files, or to send data to third-party endpoints beyond the target URL (examples reference the Siteline reference implementation only).
Install Mechanism
No install spec is declared (low-risk). The bundle includes Node.js scripts (evals/*.js) that the SKILL.md presents as an optional accelerator run locally via `node evals/check.js`. This is consistent with 'optional' usage, but if you choose to run the bundled scripts locally you will need a compatible Node runtime; the package does not declare Node as a required binary.
Credentials
No environment variables, credentials, or config paths are requested. The skill's functionality (HTTP inspection of a provided URL) does not require any secrets, so the lack of required env vars is proportionate.
Persistence & Privilege
The skill does not request permanent inclusion (always=false), does not modify other skills or system-wide settings, and does not attempt to persist credentials or enable itself automatically. Autonomous invocation remains allowed (platform default) but is not combined with any other red flags here.
Assessment
This skill appears coherent and focused: it only fetches and inspects the URLs you provide and includes an optional Node.js checker you can run locally. Before running the bundled scripts, note that: (1) running evals/check.js will make outbound HTTP requests to the target URL (so avoid running it against internal or sensitive endpoints), (2) you need a Node runtime to run the scripts locally (the skill does not require Node to be installed to use the instruction flow), and (3) the skill does not request or use any credentials or secret environment variables. If you plan to run the included Node tests, run them in a controlled environment and review the code (it's small and self-contained) — otherwise you can follow the SKILL.md instructions using curl or your own HTTP client without installing anything.

Like a lobster shell, security has layers — review code before you run it.

latestvk971545as8wxyvcz9d7g2fd65n83cmz7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments