ClawHub

Site Overview Audit

v1.0.0

Summarize one supported site's current snapshot records and highest-signal items.

0· 65·1 current·1 all-time
byYifeng[Terry] Yu@xiaojiou176
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (one-site snapshot summary) matches the instructions (load a site overview and report counts/top items). The SDKs and sidecars it references are coherent with the stated purpose.
Instruction Scope
SKILL.md restricts behavior to read-only snapshot inspection, enumerates inputs, and explicitly forbids mutating site state or claiming live data. It does not request unrelated files, credentials, or network exfiltration in the instructions.
Install Mechanism
There is no install spec (instruction-only), but the runtime instructions require modules like @campus-copilot/site-sdk, @campus-copilot/mcp-server, or mcp-readonly sidecars. The skill assumes these libraries/sidecars are present in the agent environment; if they are not, the skill will fail. No arbitrary downloads or extract steps are present.
Credentials
The skill requests no environment variables, credentials, or config paths. The lack of secrets is proportionate to the read-only snapshot summarization purpose.
Persistence & Privilege
always is false and the SKILL.md explicitly forbids mutating state. The skill does not request persistent presence or modify agent-wide settings.
Assessment
This skill appears to be a straightforward, read-only summarizer, but before installing: 1) confirm the agent runtime already provides the referenced packages (@campus-copilot/site-sdk, mcp-server, or mcp-readonly sidecars) or provide an install method; otherwise the skill will break; 2) verify the provenance/trust of those campus-copilot packages and sidecars (source/homepage is unknown here) to ensure they don't perform unexpected I/O or access live credentials; 3) test the skill in a non-production environment to confirm it truly only reads snapshot data and does not call live/private APIs; and 4) if you need higher assurance, review the code for the referenced SDKs/sidecars or ask the skill author for a source repository or install instructions.

Like a lobster shell, security has layers — review code before you run it.

campus-copilotvk97391tsfrveveekfxgbpg50ms84krk0latestvk97391tsfrveveekfxgbpg50ms84krk0read-onlyvk97391tsfrveveekfxgbpg50ms84krk0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments