ClawHub

Quickfind

v2.0.2

Reference tool for devtools — covers intro, quickstart, patterns and more. Quick lookup for Quickfind concepts, best practices, and implementation patterns.

0· 107·0 current·0 all-time
by@bytesagain1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Quickfind reference for devtools) matches the included assets: SKILL.md describes plain-text reference commands and the shipped scripts/script.sh implements those commands. Nothing in the package requests unrelated services, binaries, or credentials. Minor inconsistency: the package metadata/version is 2.0.2 while the script sets VERSION="2.0.1" (likely a harmless mismatch).
Instruction Scope
SKILL.md explicitly states the commands output heredoc text, no network access or credentials. The shell script only emits static heredoc content for each command and does not read external files, environment secrets, or make network calls. No scope creep observed.
Install Mechanism
There is no install spec (instruction-only skill) and the only code file is a small bash script included in the bundle. No downloads, package installs, or archive extraction are performed by the skill itself.
Credentials
The skill declares no required environment variables or credentials, and the script does not access environment variables or secret files. Requested access is proportionate to the simple documentation purpose.
Persistence & Privilege
always is false and the skill does not request persistent or elevated privileges, nor does it modify other skills or global agent configuration. Autonomous invocation is allowed by default (normal), but the skill's actions are limited to printing local documentation.
Assessment
This package appears to be a harmless, local documentation tool. Before installing, you may want to: 1) verify the upstream GitHub repo and release/tag (there is a small version mismatch between the package metadata v2.0.2 and the script's VERSION="2.0.1"); 2) review the script yourself (it only prints static text in heredocs) if you have strict security requirements; 3) confirm you are comfortable with the skill being callable autonomously by the agent (default behavior) — although this particular skill only prints docs and does not access network or secrets; and 4) check license and recent commits for maintenance activity if you plan to rely on it long-term.

Like a lobster shell, security has layers — review code before you run it.

latestvk97an38yawbdb1bkzwg189mr4983g4gc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments