Iknowkungfu
v1.2.0
Skill discovery engine. Analyzes what your agent does and recommends ClawHub skills you're missing. Use when: /kungfu, /kungfu-scan, /kungfu-gaps, 'what skil...
⭐ 0 · 178 · 1 current · 1 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name and description (skill-discovery/recommendation) match the instructions and bundled assets: it needs to read agent memory, installed skills, logs and a local catalogue to find gaps and score candidates. No unrelated credentials or external services are requested.
Instruction Scope
SKILL.md directs the agent to read many local files and directories (MEMORY.md, daily logs, AGENTS.md, HEARTBEAT.md, installed skills in both user and system paths) and to scan skill packages' files for suspicious patterns. That scope is appropriate for a discovery tool but is privacy-sensitive because it can access files that may contain secrets; the skill claims to redact credentials and never send data out.
Install Mechanism
No install spec and no code files — this is instruction-only and does not download or write code to disk. Lowest-risk install footprint.
Credentials
No environment variables, credentials, or config paths are required. The files it reads are directly related to producing workflow profiles and recommendations.
Persistence & Privilege
always:false and no system modification instructions. The skill is not requesting permanent presence or elevated privileges beyond reading local files; autonomous invocation is allowed by default but not exceptional here.
Assessment
This skill appears to do what it says: it analyzes your agent's local files and bundled catalogue to recommend missing skills and does not ask for keys or install software. Before installing, consider: 1) It will read workspace files and skill folders (including system-level skill paths) — these can contain secrets or sensitive data, so run it in an account/environment you trust. 2) Although the SKILL.md says it will redact keys and never make network calls, verify outputs before copying any suggested install commands or exposing results. 3) Inspect the bundled data/skills-catalogue.json and references if you want to confirm recommendation logic or stale entries. 4) If you have strong isolation needs, run the skill in a limited user account or container and/or run a dedicated security scan (e.g., ClawSpa) on installed skills it flags. Overall the package is coherent and proportionate to its stated purpose, but it operates over sensitive local data so exercise normal caution.
Like a lobster shell, security has layers — review code before you run it.
discovery · latest · productivity · recommendations
