ClawHub

PromptVault Team Prompt Library

v1.0.0

Organize, rate, and share prompts with your team. Never lose a great prompt again. Centralized prompt management with search, tags, and ratings.

0· 174·2 current·2 all-time
byShadow Rose@theshadowrose
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the delivered code and SKILL.md. The code implements a local JSON-backed vault, CLI commands, export/import, and a static HTML generator — all appropriate for a prompt library. No unexpected services, cloud APIs, or unrelated credentials are requested.
Instruction Scope
SKILL.md instructs running the included Python scripts and shows CLI examples that operate on local files. The runtime instructions and code only reference vault/config files in the repository or working directory; they do not instruct reading unrelated system files or sending data to remote endpoints.
Install Mechanism
There is no install spec and no external downloads. The skill is instruction-first with included Python scripts; this is low-risk and proportional for a CLI tool that requires Python on the host.
Credentials
The skill declares no required environment variables, binaries, or credentials and the code does not attempt to read environment secrets. Its operations are limited to local files (vault and config).
Persistence & Privilege
The skill does not request always:true or elevated platform privileges. It is a normal, invocable skill that writes only its own vault file and .bak backups in the current/ configured path; it does not modify other skills or system-wide settings.
Assessment
This tool appears to do exactly what it says: local, file-based prompt storage and static HTML browsing. Before installing or using it: (1) remember vault files are plain JSON with no encryption or access control — don't store secrets or PII in prompts; (2) exports can include notes/changelog if you pass the option — review exports before sharing; (3) the import/merge/replace behaviors can overwrite or merge entries (IDs are derived from prompt text), so back up important vaults before bulk import; (4) backups are created as .json.bak by these scripts — verify they meet your backup policy; (5) the author/source is anonymous in the registry metadata — if provenance matters, consider auditing the full source or running the scripts in a sandbox first. Overall the package is coherent and consistent with its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

collaborationvk975hy9ckmemn2fb1snyq57kz182pez3latestvk975hy9ckmemn2fb1snyq57kz182pez3libraryvk975hy9ckmemn2fb1snyq57kz182pez3organizationvk975hy9ckmemn2fb1snyq57kz182pez3promptsvk975hy9ckmemn2fb1snyq57kz182pez3sharingvk975hy9ckmemn2fb1snyq57kz182pez3teamvk975hy9ckmemn2fb1snyq57kz182pez3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments