ClawHub

Config

v2.0.1

Manage app configuration files with init, list, and add operations. Use when initializing configs, listing settings, switching environments.

0· 297·0 current·0 all-time
by@bytesagain1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Overall the script implements a local config/log utility matching the name/description. However a couple of declared commands do not perform the action a user would reasonably expect: 'remove' only echoes a removal message and does not delete entries from data.log, and 'run' only prints its argument rather than executing anything. The SKILL.md and script otherwise align on storage location and basic operations.
Instruction Scope
SKILL.md instructs the agent to run local commands (init, add, list, search, export). These are limited to local filesystem operations. Be aware the tool writes every executed command to history.log and appends user-provided text to data.log — so any sensitive text passed to 'config add' (or piped into the command examples like diff outputs) will be persisted.
Install Mechanism
Instruction-only skill with a single bash script; no install spec, no remote downloads, and no package manager use — lowest install risk.
Credentials
The registry metadata lists no required env vars, but the script honors CONFIG_DIR (override), XDG_DATA_HOME, and HOME for storage location. This is reasonable, but CONFIG_DIR is not declared as a required/provided env in metadata. Also: because data and history are stored under the user's data directory, those files may contain sensitive information if used to store secrets.
Persistence & Privilege
always:false and the skill is user-invocable only. The script only creates files under the user's data directory (~/.local/share/config by default) and does not modify global/system settings or other skills' configs.
Assessment
This appears to be a simple local-only config/log tool and is coherent with its description. Before using it: (1) don't store secrets or credentials with 'config add' because entries and history are persisted in plaintext under your user data directory; (2) note that 'remove' does not actually delete entries — review/modify the script if you need true removal; (3) if you expect 'run' to execute commands, update the implementation (it currently only echoes the input). If you are comfortable with plaintext local logs and/or audit those files in backups, this skill is reasonable to install.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a50gntw9xka0xsn009t1fn1835yzb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments