ClawHub

Data Pipeline Toolkit

v1.0.0

Create, schedule, and monitor ETL pipelines extracting from APIs, databases, files, and streams, with transform and load support to warehouses and APIs.

0· 431·9 current·9 all-time
by@sunshine-del-ux
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The description promises a full ETL toolkit, but the package contains no code, binaries, or install instructions. The Quick Start assumes a local executable (./pipeline.sh) that is not included. That mismatch means the skill cannot actually provide the claimed capabilities without external artifacts.
!
Instruction Scope
Runtime instructions tell the agent to run ./pipeline.sh create/extract/transform/load/run and reference an environment variable ($DB_URL) and external endpoints (https://api.example.com). The SKILL.md does not explain where pipeline.sh comes from, how to install it, or which credentials are required. The instructions are therefore vague and depend on unspecified external files.
Install Mechanism
There is no install spec (instruction-only), so nothing will be written to disk by installing the skill — this reduces install risk but also means the skill provides no runnable implementation. The lack of an install path is a functional gap rather than a security-safe implementation.
!
Credentials
The SKILL.md uses $DB_URL when demonstrating load steps but the skill declares no required environment variables or primary credential. Several sources/destinations are listed (S3, GCS, Kafka, Snowflake, BigQuery) but no credentials or config paths are requested or documented. That mismatch is a red flag: the skill will need secrets in practice, but none are declared.
Persistence & Privilege
The skill does not request persistent presence (always: false) and allows normal model invocation. It does not declare any config paths or system modifications. There are no elevated privileges requested.
What to consider before installing
This skill is a documentation stub rather than a runnable tool: it references ./pipeline.sh and $DB_URL but includes no code or install instructions. Do not provide credentials or set DB_URL for this skill. Before installing or using it, ask the author for: (1) the pipeline.sh (or a clear install procedure), (2) a list of exact environment variables/credentials required and why, and (3) the source/homepage or repository so you can review the implementation. If you must test it, run any provided scripts in an isolated sandbox or disposable environment and inspect the script contents first. Prefer skills that include code or an install mechanism and that explicitly declare required credentials and their scope.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a2j9531kns87by3ryhjb5p9828yp4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments