ClawHub

Superpicky Cli

v0.2.0

SuperPicky CLI skill: use absolute paths to scripts/install.sh and scripts/run.sh for automation; run.sh three entries (superpicky_cli, birdid_cli, --region-...

0· 70·0 current·0 all-time
by@yoshino-s
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description map to the provided files and scripts. The skill wraps upstream SuperPicky CLI tools (superpicky_cli.py, birdid_cli.py, ebird_region_query.py) and requires no unrelated credentials or config paths. The requested operations (cloning upstream, creating a venv, installing Python deps, running the CLI) are proportionate to a CLI wrapper.
Instruction Scope
SKILL.md and scripts restrict operations to the skill directory ($SKILL) and the cloned upstream (.upstream). Runtime instructions call install.sh and run.sh, which create/run a venv and invoke upstream scripts. The scripts operate on user-supplied photo directories (manifest/reset semantics are documented) but do not instruct the agent to read unrelated system files or exfiltrate data to external endpoints in the provided code.
Install Mechanism
There is no registry install spec, but the included install.sh clones the upstream GitHub repository (default https://github.com/jamesphotography/SuperPicky.git), creates a venv under $SKILL/.upstream/.venv, and pip-installs dependencies (including PyTorch). Cloning from GitHub and installing from PyPI is expected, but these actions will write files, perform network I/O, and may download large model artifacts if --with-models is used.
Credentials
The skill declares no required environment variables or credentials. Scripts expect a Python interpreter and may call system utilities like git and nvidia-smi; these are reasonable for installing and detecting GPU capability. No secrets or unrelated service tokens are requested.
Persistence & Privilege
always:false and normal autonomous invocation settings. The skill writes only under its own directory ($SKILL/.upstream and its venv) and does not modify other skills or system-wide agent configurations. It does perform file operations on user-specified photo directories (normal for a photo-processing tool).
Assessment
This skill is coherent with its stated purpose, but take these practical precautions before installing: 1) The included install.sh will git-clone an upstream repo (default: GitHub) and pip-install packages (including torch); review REPO_URL and the install.sh contents if you prefer a different source. 2) The installer creates a venv and writes files under $SKILL/.upstream and may download large model files if you pass --with-models — ensure you have disk space and bandwidth. 3) The runtime tools operate on your photo directories and implement a manifest-based reset that can delete temporary JPEGs generated by the program — review the manifest/reset behavior and test on a copy of your photos if you are cautious. 4) Pip installs pull code from PyPI (supply-chain risk inherent to Python packages); consider auditing dependencies or installing in an isolated environment. 5) If you want to avoid network clone, use --no-clone with a vetted local .upstream or set REPO_URL to a mirror you trust. Overall the package is internally consistent, but review the install/run scripts and the upstream code before granting it filesystem/network access.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bv47kx9pfa2xf5g24c893g583kwa7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments