ClawHub

Json Linter

v1.0.0

Validates JSON syntax across the workspace. Use this skill to check for syntax errors in configuration files, memory files, or data assets.

1· 749·1 current·1 all-time
byWANGJUNJIE@wanng-ide
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the delivered code: index.js and SKILL.md implement a recursive workspace scan for .json files and validate them with JSON.parse(). No extra binaries, env vars, or unrelated capabilities are requested.
Instruction Scope
SKILL.md instructs running the included Node script to scan a directory. The implementation reads filesystem directories and files, parses JSON, and emits a report. It does not access the network, other processes, or system credentials. It will read any .json files in the workspace (which is expected for this purpose).
Install Mechanism
There is no install spec or external download; this is essentially an instruction-only skill with bundled scripts. package.json declares no dependencies. Risk from installation is minimal because nothing is fetched from remote sources.
Credentials
The skill declares no required environment variables or credentials and the code does not read env vars. Note: because it scans the workspace, it can read any JSON files present — including files that may contain secrets (e.g., credentials stored as JSON). This access is coherent with the skill's purpose but is something the user should be aware of.
Persistence & Privilege
Flags are default (always: false). The skill does not modify other skills or global agent configuration. It can be invoked autonomously by the agent (platform default), but that is not a unique privilege for this skill.
Assessment
This skill appears to do exactly what it says: recursively read .json files and report syntax errors. Before installing or running it, consider: 1) it will read any .json files in the workspace (so it can see JSON-formatted secrets/configs); 2) the bundled code runs under node — review index.js and scripts/test.js yourself or run them in a sandbox/container if you are unsure; 3) there is no network activity in the code, and no external downloads are performed, which reduces risk; 4) if you want to avoid scanning some paths, the script only skips a few hard-coded names (node_modules, .git, temp, logs) — adjust or run it against an explicit directory to limit scope. If you need higher assurance, run the test suite (node scripts/test.js) in an isolated environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97be4mkvswsd9exrj4h14044d816ak0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments