ClawHub

Code

v1.0.4

Coding workflow with planning, implementation, verification, and testing for clean software development.

35· 18.4k·219 current·227 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (coding workflow, planning, verification, testing) match the files and runtime instructions. There are no unrelated required binaries, env vars, or installs; the only persistent artifact is a user-memory stored at ~/code/memory.md, which is reasonable for a code preferences helper.
Instruction Scope
Instructions are narrowly scoped to provide guidance, consult bundled reference files, read ~/code/memory.md, and access the user's project when needed. 'User's project' is somewhat vague (no explicit path rules), so in practice the agent may be permitted to read project files broadly — this is expected for a coding helper but users should be aware that project files can contain secrets.
Install Mechanism
No install spec and no code files; the skill is instruction-only so nothing is downloaded or written by an installer. This is the lowest-risk install model.
Credentials
The skill requests no environment variables, credentials, or external config paths beyond a user-local ~/code/ directory. This is proportionate to a workspace-preferences/coding-workflow skill.
Persistence & Privilege
always is false, autonomous invocation not disabled (normal). The only persistent change described is writing ~/code/memory.md when the user explicitly requests; the skill states it won't modify its SKILL.md or other auxiliary files. No cross-skill or system-wide configuration changes are requested.
Assessment
This skill appears coherent and low-risk: it only stores explicit user preferences in ~/code/memory.md and otherwise provides local guidance. Before using it, (1) avoid asking it to save secrets or API keys into memory.md, (2) be aware that when you let it read your 'project' it may access any files in that project (which can include credentials or config), and (3) monitor the ~/code/ directory after first use to verify only the expected memory.md is created. If you need stricter guarantees, don't allow it to write files or restrict the project path it may read.

Like a lobster shell, security has layers — review code before you run it.

latestvk979e3r2f8s4cv00npfzym72jd81esbp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💻 Clawdis
OSLinux · macOS · Windows

Comments