ClawHub

Clawdbot Workspace Template Review

v0.1.0

Compare a Clawdbot workspace against the official templates installed with Clawdbot (npm or source) and list missing sections to pull in, especially after upgrades.

4· 1.8k·2 current·2 all-time
by@xadenryan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description claim a workspace-vs-template comparison; the SKILL.md only requires locating the installed Clawdbot source root and reading template and workspace markdown files to compute diffs. No unrelated credentials, installs, or external services are requested.
Instruction Scope
Instructions direct the agent to run local commands (command -v, npm root -g, sed, diff) and to open files under the Clawdbot install and the user's workspace. This is expected for the stated task, but it does require the agent to read arbitrary local files in the indicated paths — ensure you’re comfortable with the agent having that filesystem access.
Install Mechanism
No install spec and no code files — instruction-only. Nothing will be written to disk by an installer as part of this skill.
Credentials
The skill declares no environment variables, credentials, or config paths. The instructions mention standard system/npm paths and commands only; there are no disproportionate credential requests.
Persistence & Privilege
always is false and disable-model-invocation is false (normal). The skill does not request persistent presence or to modify other skills/system-wide settings.
Assessment
This skill is instruction-only and consistent with its stated purpose: it needs to read your Clawdbot install directory and your workspace markdown files to compute diffs. Before enabling or running it, consider: 1) it will access local file paths (node_modules, your workspace) — don't run it if you have sensitive files in those locations you don't want an agent reading; 2) because the skill can be invoked autonomously (platform default), only enable it for agents you trust; 3) you can manually perform the suggested commands (command -v, npm root -g, sed, diff) if you prefer to avoid giving the agent filesystem access; and 4) there is no network or credential access requested by the skill. If you want higher assurance, run these steps yourself or inspect any future code files before granting runtime access.

Like a lobster shell, security has layers — review code before you run it.

latestvk970tka7tjvyhzbvhprm9hjtys7z2k2a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments