Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pywayne Bin Gettool

v0.1.0

Fetch and install C++ tools/libraries from cpp_tools repository. Use when users need to download or clone third-party C++ libraries such as eigen, opencv, pc...

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

[!] Purpose & Capability
The skill's stated purpose is to fetch and install C++ libraries via a `gettool` CLI that talks to a `cpp_tools` repository. However, the package contains no code, no install specification, and the registry metadata does not declare `gettool`, `git`, `cmake`, or `make` as required binaries. A genuine CLI helper would normally either include the tool, provide an install step, or at minimum declare the binaries it expects — that mismatch is a coherence problem.
[!] Instruction Scope
SKILL.md tells the agent to run commands that perform network fetches, git sparse-checkout, builds (CMake/make), and installation scripts (optionally with sudo). It assumes presence of a local name_to_path_map.yaml and allows setting an arbitrary repository URL. Those instructions can cause network downloads and execution of third-party install scripts, and they presume binaries and files that the skill did not declare. The instructions do not constrain which repo URLs are allowed, nor do they require verification of downloaded code.
Install Mechanism
There is no install spec — this is instruction-only. That minimizes what is written by the skill itself, but it also means the skill only tells the agent to run external commands rather than providing a vetted implementation. The absence of an install step is internally inconsistent with a CLI-driven skill unless the platform already guarantees `gettool` exists, which is not documented.
Credentials
The skill requests no environment variables or credentials, which is appropriate. However, because it lets the user/setter change the repository URL and run arbitrary install scripts, network access and filesystem write permissions are implicit requirements. Those are not declared; the skill could cause the agent to fetch and run untrusted code without any credential checks.
[!] Persistence & Privilege
The skill does not request permanent inclusion (always:false) and allows autonomous invocation (default), which is normal. But the instructions explicitly describe running installation scripts and a `--global-install-flag` that triggers `sudo make install`. That combination — autonomous invocation plus instructions that may escalate to privileged system installs — increases risk if the agent is allowed to act without human supervision.
What to consider before installing
This skill is instruction-only but describes a CLI (`gettool`) and build/install actions it does not provide or declare. Before installing or enabling it:

1) Verify whether a trusted `gettool` binary actually exists on your system or where it comes from; the skill bundle does not include or install it.
2) Do not allow the agent to run installs with `--global-install-flag`/sudo unless you trust the repository and have inspected the installation scripts.
3) Confirm the default `cpp_tools` repository URL and review any third-party code before fetching/building.
4) If you want to use this functionality, prefer a version that includes an install spec or points to an auditable, official release (e.g., GitHub releases) and explicitly declares required binaries (git, cmake, make).

If you cannot verify the origin or contents of downloaded repositories, treat this skill as risky and run such fetch/build steps manually in a sandbox.
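
The checks above can be enforced before an agent-proposed command is executed. The following shell functions are an added example, not code from the skill or from the scan report: `missing_bins` reports undeclared prerequisites that are absent, and `vet_gettool_cmd` denies repository URL changes outside an allowlist, `--global-install-flag true`, and unapproved build/install runs. The function names, the `APPROVE_EXEC` variable and the allowlisted URL are assumptions; the URL is a constructed placeholder because the page does not state the real default.

```shell
#!/bin/sh
# Added example: gate for gettool commands an agent proposes to run.
# ALLOWED_URLS is a constructed placeholder, not the skill's real default URL.
ALLOWED_URLS="https://example.invalid/cpp_tools.git"

# Print each named binary that is not on PATH (no output = all present).
missing_bins() {
    for b in "$@"; do
        if ! command -v "$b" >/dev/null 2>&1; then printf '%s\n' "$b"; fi
    done
}

# vet_gettool_cmd ARGV...: prints a verdict; returns 0 only for "allow".
# APPROVE_EXEC=1 (hypothetical variable) records explicit human approval.
vet_gettool_cmd() {
    if [ "${1:-}" != "gettool" ]; then echo "deny: not a gettool command"; return 1; fi
    shift
    while [ $# -gt 0 ]; do
        case "$1" in
            --set-url)
                # A changed repository URL must be on the reviewed allowlist.
                ok=0
                for u in $ALLOWED_URLS; do
                    if [ "${2:-}" = "$u" ]; then ok=1; fi
                done
                if [ "$ok" -ne 1 ]; then
                    echo "deny: repository URL not allowlisted"; return 1
                fi
                shift ;;
            --global-install-flag)
                # "true" selects sudo make install: never allowed unattended.
                if [ "${2:-}" = "true" ]; then
                    echo "deny: privileged install"; return 1
                fi ;;
            -b|--build|-i|--install)
                # Build and install steps execute code from the fetched repo.
                if [ "${APPROVE_EXEC:-0}" != "1" ]; then
                    echo "deny: build/install needs approval"; return 1
                fi ;;
        esac
        shift
    done
    echo "allow"
}
```

Run `missing_bins gettool git cmake make` first; any name it prints is a prerequisite the skill assumes but does not declare or install.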


latestvk972ttfddqv32m0ja5f213670x817vaq
633 downloads
0 stars
1 version
Updated 7h ago
v0.1.0
MIT-0

Pywayne Bin Gettool

Tool fetcher for C++ libraries from cpp_tools repository. Supports sparse checkout, optional building with CMake/make, and installation scripts.

Quick Start

# List all supported tools
gettool -l

# Fetch a tool to default path (based on name_to_path_map.yaml)
gettool <tool_name>

# Fetch to specific path
gettool <tool_name> -t <target_path>

# Fetch and build (if buildable)
gettool <tool_name> -b

# Fetch and install (if installable)
gettool <tool_name> -i

Usage Patterns

1. List Available Tools

When user wants to see what tools are available:

gettool -l

2. Simple Fetch

Download tool source code to default path (determined by name_to_path_map.yaml in current directory):

gettool opencv
gettool eigen

3. Fetch with Custom Target

Download tool to a specific directory:

gettool opencv -t third_party/opencv
gettool eigen -t external/eigen

4. Build from Source

Build the tool using CMake and make. Requirements:

  • Tool must be marked as buildable: true in name_to_path_map.yaml
  • Tool must have a CMakeLists.txt file
  • Build output (lib/) is copied to target directory

gettool apriltag_detection -b
gettool <tool_name> -b -t build/<tool_name>

5. Clean Copy (src + include only)

Fetch only src/ and include/ directories if they exist:

gettool eigen -c

6. Fetch and Install

After fetching, execute the tool's installation script (if configured):

gettool pcl -i
gettool pcl -i --global-install-flag true  # Use sudo make install

7. Fetch Specific Version

Check out a specific version/tag/branch (only works for tools that are submodules):

gettool fmt -v 9.1.0

8. Manage Repository URL

# Show current URL
gettool --get-url

# Set custom URL
gettool --set-url <URL>

# Reset to default URL
gettool --reset-url

Command Reference

Argument                 Description
<name> or -n <name>      Tool name from name_to_path_map.yaml
-t <path>                Target output directory (default: based on mapping)
-b / --build             Build using CMake + make (if buildable)
-c / --clean             Copy only src/include directories
-v <version>             Checkout specific version (submodules only)
-i / --install           Run installation script (if installable)
--global-install-flag    Set to true for sudo make install
-l / --list              List all supported tools
--get-url                Show current repository URL
--set-url <URL>          Set repository URL
--reset-url              Reset to default URL

Tool Types and Behavior

Submodule Tools

  • Cloned as full independent repositories
  • Support -v for version checkout
  • Not built via CMake (use -b for source-level build if configured)

Non-Submodule Tools (Sparse Checkout)

  • Fetched via git sparse-checkout from cpp_tools repo
  • Can be built with -b (requires buildable=true and CMakeLists.txt)
  • Build output (lib/) copied to target directory

Default Path Mapping

When -t is not specified, the target path is determined by the path field in name_to_path_map.yaml relative to the current working directory.

Example: If opencv maps to third_party/opencv, running gettool opencv creates ./third_party/opencv.

Prerequisites

  • Git
  • CMake and make (for -b flag)
  • Appropriate C++ toolchain (for building)
  • Write permissions for target directory

Common Tool Names

Typical tools available (run gettool -l for current list):

  • eigen - Linear algebra library
  • opencv - Computer vision library
  • pcl - Point Cloud Library
  • fmt - Formatting library
  • apriltag_detection - AprilTag detection
  • spdlog - Fast C++ logging library
