ClawHub

dateguard

v1.0.1

Date/time anti-pattern scanner -- detects timezone bugs, naive datetime usage, hardcoded timestamps, non-ISO formats, incorrect epoch handling, DST-unsafe co...

0· 46·0 current·0 all-time
by@suhteevah
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: scripts provide file discovery, 90 regex patterns, scoring, reports, and git hook integration. Required binaries (git, bash, python3, jq) and lefthook (brew) are consistent with cataloging files, reading config, decoding JWTs, and installing git hooks.
Instruction Scope
Runtime instructions and scripts operate locally on the repository or specified paths and produce text/json/html reports. The skill reads ~/.openclaw/openclaw.json (declared in metadata) and environment variables for a license. One undocumented optional env var (CLAWHUB_JWT_SECRET) is referenced by license.sh for JWT signature verification; it is only used locally for verifying a provided token, but it is not declared in requires.env or documented in SKILL.md.
Install Mechanism
Install uses a Homebrew formula (lefthook) which is a standard package manager flow. There are no arbitrary URL downloads or archive extraction steps in the install spec.
Credentials
Primary credential DATEGUARD_LICENSE_KEY is declared and used to unlock pro/team tiers; the scripts will also try to read the same key from ~/.openclaw/openclaw.json which is declared in configPaths. Aside from the declared license key and standard HOME/git environment, the code optionally reads CLAWHUB_JWT_SECRET (undeclared) to verify JWT signatures — this is not required for normal operation but worth noting.
Persistence & Privilege
The skill can install lefthook git hooks (pre-commit and pre-push) into a repository and run scans on commit/push. That behavior is consistent with a git-hook integration but does modify repository configuration (lefthook.yml) and will execute the shipped scripts on normal developer workflows — review and consent are recommended before installing hooks.
Assessment
DateGuard appears to do what it says: local regex-based scans and optional git-hook integration. Before installing or enabling hooks: (1) inspect the scripts yourself (they are included) to verify patterns you expect; (2) be aware that the installer writes/edits lefthook.yml and runs lefthook install in your repo which will run scans on pre-commit/pre-push and can block commits/pushes; (3) the license key (DATEGUARD_LICENSE_KEY) is required for pro/team features and can be stored in ~/.openclaw/openclaw.json or as an env var; an optional CLAWHUB_JWT_SECRET can enable local JWT signature checks but is not required and is not documented in the SKILL.md metadata — do not set secrets you don't understand; (4) run the tool in a test repo or with --no-verify workflow first to confirm it behaves as you expect. If you need higher assurance, consider running the scripts in a sandboxed environment or reviewing the complete shipped files (they are present in the bundle).

Like a lobster shell, security has layers — review code before you run it.

latestvk97a8a7ssptmg7a4x46v8351rx84v4wr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📅 Clawdis
OSmacOS · Linux · Windows
Binsgit, bash, python3, jq
Primary envDATEGUARD_LICENSE_KEY

Install

Install lefthook (git hooks manager)
Bins: lefthook
brew install lefthook

Comments