ClawHub

my skill demo showcase

v0.0.1

Minimal TypeScript hello-world skill that demonstrates bundling TS code, a Node dependency, and package.json instructions for use and publication on Clawdhub.

0· 269·1 current·1 all-time
by@whgreate
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim a minimal TypeScript hello-world demo; the files (hello.ts, embedding-demo.ts), package.json (dayjs dependency), and README all match that purpose. Nothing requested or present (no credentials, no system paths) is extraneous to a hello-world demo.
Instruction Scope
SKILL.md only instructs installing npm deps in the skill folder and running the included TypeScript script via ts-node, or importing the exported function. It does not direct reading unrelated files, accessing secrets, or calling external endpoints beyond normal npm package fetching. The example cd path (/home/ubuntu/skill-demo) is just illustrative.
Install Mechanism
There is no formal install spec; the README recommends running `npm install` and `npx ts-node`. That uses the public npm registry (standard for Node). This is expected but carries the usual npm-registry risk (install scripts, transitive packages). package.json lists only `dayjs` (runtime) and `ts-node`/`typescript` (dev).
Credentials
The skill declares no required environment variables, credentials, or config paths. Runtime instructions do not read undeclared env vars. No disproportionate access to secrets is requested.
Persistence & Privilege
Skill is not always-enabled and allows normal model invocation. It does not request to modify other skills or system-wide agent settings and has no install hooks declared that would persist beyond its own folder.
Assessment
This skill appears coherent and minimal. Before running `npm install` or `npx ts-node`, review package.json (already minimal here) and consider installing in a sandboxed environment if you run untrusted packages. If you plan to use it in production, pin dependency versions and/or verify package integrity; otherwise, running the provided scripts locally to inspect output is sufficient.

Like a lobster shell, security has layers — review code before you run it.

latestvk979nat0m1qxvhtzdffgm7fjyh824j5v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments