Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The package claims to be a beginner 'skill pack' and includes SKILL.md files for the 10 named skills plus a small git helper script. The per-skill metadata lists expected binaries where applicable (e.g., git, bash, grep). No unrelated credentials, binaries, or config paths are requested at the package level.
Instruction Scope
The SKILL.md files describe tools that can read/write/edit files, run shell commands, send messages, and spawn sub-agents. The instructions themselves stay within those stated responsibilities. Note: AgentTool explicitly states shared context may include environment variables and tool permissions (sub-agents inherit permissions), and AskUserQuestionTool shows examples asking for tokens (with a warning). These are expected for such tools but increase the need for caution when using them in sensitive environments.
Install Mechanism
No install spec is provided (instruction-only plus included script files). Nothing is downloaded from arbitrary URLs and there is no archive extraction step; risk from the install mechanism is minimal. The one included script is a local Python script.
Credentials
The package does not declare any required environment variables or credentials. Individual skill docs show that integration with external channels or services (SendMessageTool, Git/gh, AskUserQuestionTool examples) may require tokens or gateway configuration — again expected but not requested up-front. The git helper operates by invoking local git; it does not read or require secrets. Overall the environment access requested is proportional, but users should not supply sensitive tokens in chat and should configure messaging channels deliberately.
Persistence & Privilege
The package is not marked always:true and is user-invocable only. It doesn't attempt to modify other skills or system-wide settings. The included git script stages and commits changes in the current repo (normal for a git helper) but does not try to persist configuration beyond normal git operations.
Assessment
This appears to be a legitimate beginner skill pack. It includes tools that can read, write, edit files, execute shell commands, send messages, and spawn sub-agents — all powerful actions. Before installing or running: (1) only use it in non-sensitive or disposable workspaces until you trust it, (2) avoid pasting secrets or access tokens into chat prompts (AskUserQuestionTool warns about this), (3) review the small git_aware script (it stages all changes and commits) and back up any important repos, (4) review messaging channel configurations (SendMessageTool) to avoid accidental data leaks, and (5) be cautious when spawning sub-agents since they inherit permissions. If you need higher assurance, ask the author for provenance or run the scripts in an isolated environment first.Like a lobster shell, security has layers — review code before you run it.
latestvk97c8q8qajhe47r42yz1my913x84epme
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📚 Clawdis