ClawHub

CEO Capabilities Catalog

v1.0.0

Catalog the current OpenClaw instance's installed skills, custom skills, and coordination-oriented capabilities. Use when the user asks what this agent can d...

0· 64·0 current·0 all-time
by@xingfan0828
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description (catalog installed skills and coordination capabilities) match the instructions which enumerate reading installed SKILL.md files, an optional capabilities-inventory.md, and local workspace memory. No unrelated credentials, binaries, or remote endpoints are requested.
Instruction Scope
SKILL.md explicitly instructs the agent to read local workspace memory files, installed SKILL.md files, and an optional capabilities-inventory.md. This is coherent with the purpose, but 'local workspace memory files' is broad — the file-scope is not strictly enumerated. The skill also warns not to expose secrets, which helps, but the agent will need guardrails to avoid leaking sensitive config if such files exist.
Install Mechanism
No install spec and no code files — instruction-only. Lowest-risk install profile; nothing is written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. The files it reads are logically related to its stated goal (local SKILL.md and inventory files). There is no disproportionate credential or secret access requested.
Persistence & Privilege
always is false and the skill does not request persistent system presence or modification of other skills. It is user-invocable and can run autonomously per platform defaults, which is expected for an informational skill.
Assessment
This skill appears coherent and low-risk: it only reads local capability files and SKILL.md manifests to produce a catalog and requests no credentials or installs. Before installing or enabling it, consider: (1) confirm where your agent stores workspace memory and ensure sensitive files or secrets are not colocated with capability files you don't want exposed; (2) review any existing capabilities-inventory.md and local SKILL.md files so the output won't inadvertently include confidential details; (3) if you want stronger protections, restrict the agent's file-read scope or run the skill in an environment where secrets are isolated. No extra credentials or remote downloads are required.

Like a lobster shell, security has layers — review code before you run it.

latestvk976jtrxjgjv0sp02c9nb2ravn843skb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments