ClawHub

Yamlcheck

v3.0.2

Validate YAML syntax using python3, lint configs, and convert YAML to JSON. Use when checking syntax, finding errors, or converting formats.

0· 241·0 current·0 all-time
by@bytesagain1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The SKILL.md and included script clearly require python3 (and optionally PyYAML) which aligns with the declared purpose. However, the registry metadata lists no required binaries while the runtime instructions and script call python3 — that metadata omission is an inconsistency that should be corrected.
Instruction Scope
Runtime instructions and the script stay within the stated scope: they read a user-provided YAML file, run local checks or call PyYAML, and emit lint/validation/JSON output. There are no network calls, credential access, or instructions to read unrelated system files in the provided content.
Install Mechanism
No install spec is provided (instruction-only), which is lower risk. A script file is included and will be executed locally; the install path is not writing arbitrary remote code. There are no downloads or external installers in the manifest.
Credentials
The skill requests no environment variables or credentials. The only runtime dependency is python3 (and optionally the PyYAML library) which is proportionate to a YAML toolkit.
Persistence & Privilege
always is false and the skill does not request persistent or elevated system privileges. It does not modify other skills or global agent settings in the provided materials.
Assessment
This skill is coherent with its description and does not ask for secrets. Before installing: (1) ensure python3 is available in the environment (SKILL.md and the script require it) — the registry metadata omits this requirement and should be fixed; (2) consider installing PyYAML for full parsing if you need robust YAML support; (3) review the full scripts/script.sh contents locally — the manifest preview here was truncated, so verify the file's end to ensure there are no unexpected behaviors; (4) run the tool on non-sensitive sample files first or in an isolated environment if you want extra caution.

Like a lobster shell, security has layers — review code before you run it.

latestvk976h99hmcwn8dzf1b6xnwbt4s836gf0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments