ClawHub

Clawhub Skill Compliance

v1.2.2

Pre-flight checklist for ClawHub skill publishing. Focus: metadata completeness, dependency transparency, security scope documentation. Use when: (1) prepari...

0· 42·0 current·0 all-time
byTaoyi CHEN@tchen6500
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to be a pre-flight compliance checklist and is implemented purely as prose templates and guidance. It requests no binaries, credentials, or installs — which is appropriate for a documentation/checklist tool.
Instruction Scope
SKILL.md contains checklist items, templates, and safe guidance (placeholders for secrets, declaration of dependencies, security-scope templates). It does not instruct reading local files, sending data to external endpoints, or executing commands, so the runtime instruction surface is minimal and aligned with the stated purpose.
Install Mechanism
No install specification and no code files are included; this is the lowest-risk pattern for a documentation-only skill. Nothing is written to disk or fetched at install time.
Credentials
The skill declares no required environment variables or credentials and only recommends documenting any env vars that a real skill would use. There are no unexplained secret requests.
Persistence & Privilege
always is false and model-invocation is allowed by default. The skill makes no requests to modify agent/system configuration and requires no persistent presence; privileges are minimal and appropriate.
Assessment
This is a documentation-only compliance checklist and appears coherent with its stated purpose. Before publishing or relying on it: (1) confirm any future code added to accompany this checklist declares dependencies and env vars exactly as the checklist recommends, (2) verify that placeholders are not replaced with real secrets in published files, and (3) remember that the absence of code/scan findings here means there's nothing for the scanner to analyze — if someone later attaches install scripts or downloads, re-review the install spec and any external URLs for unexpected behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk97da922fss8amjqpte337yms98495c9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments