ClawHub

Pywayne Helper

v0.1.0

Project configuration management helper for YAML config files. Use when projects need cross-process/cross-file parameter sharing via a centralized config fil...

0· 590·0 current·0 all-time
by@wangyendt
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The document describes a Python package API (import pywayne.helper, Helper class, methods) and runtime behavior (file creation, waiting, concurrency). However the skill bundle contains no code, no dependency declaration, and no install instructions. A user installing this skill should expect either a runnable implementation or an install mechanism; neither is provided, so the claimed capability is not actually present.
Instruction Scope
Instructions are narrowly focused on reading/writing a shared YAML config in the project root and include examples that spawn subprocesses and open file paths obtained from the config. That behavior is consistent with the stated purpose, but the doc allows actions that read arbitrary filesystem paths (e.g., opening a data file whose path comes from the config) and shows subprocess execution in examples. The SKILL.md does not provide explicit safe-locking or permission guidance beyond 'update mode', which leaves concurrency and sensitive-file risks underspecified.
!
Install Mechanism
There is no install specification and no code files. For a skill that advertises a Python runtime helper, the absence of an install step (PyPI name, wheel, or source) or bundled implementation is an incoherence: the documentation implies a runtime artifact that the skill does not supply.
Credentials
The skill declares no environment variables, credentials, or config paths, which is proportional to a local file-based config helper. Note: the documented behavior will read and write files in the project tree and may cause reading of paths supplied via config values — this can expose arbitrary files if config values are attacker-controlled.
Persistence & Privilege
always:false (normal) and autonomous invocation is allowed (default). There is no request to modify other skills or system-wide settings. As with any skill that can read files, autonomous invocation increases blast radius if combined with file access, but nothing in metadata gives this skill elevated persistence.
What to consider before installing
This package is documentation-only: it describes a Python library and runtime behaviors but provides no implementation or install instructions. Before installing or relying on it, ask the publisher for the source code or a clear install step (PyPI name, git repo, or packaged code). Do not assume 'import pywayne.helper' will succeed. If you plan to use the approach: (1) ensure the actual library you install is from a trusted source, (2) confirm file-permission and locking behavior to avoid race conditions, (3) avoid storing secrets in the shared YAML or validate/limit file paths read from config, and (4) prefer skills that bundle code or declare explicit installation methods so you can audit what will run.

Like a lobster shell, security has layers — review code before you run it.

latestvk974fkg2jabgpmtbwd38ajbqtd818xge

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments