Performs deterministic end-to-end tests to validate ClawHub CLI publish lifecycle commands and verify registry metadata accuracy.
Security Analysis
medium confidence
The skill claims to provide deterministic end-to-end publish lifecycle tests but the instructions are vague/missing and it requests no tools, credentials, or concrete commands — this mismatch is suspicious and needs clarification before use.
The skill's name and description say it runs deterministic E2E tests for the ClawHub CLI publish lifecycle, yet it declares no required binaries, no credentials, and no config paths. A publish/install/update/delete test normally needs CLI tooling, access to a registry, or at least concrete command examples; the absence of these is inconsistent with the stated purpose.
SKILL.md tells the agent to "Run the listed command examples" and "Confirm output includes expected status messages," but there are no listed commands, no expected outputs, and no guidance about environment or targets. The instructions are overly vague and grant the agent broad discretion to infer or execute commands, which increases risk.
This is an instruction-only skill with no install spec and no code files. That is low-risk from an installation perspective (nothing is downloaded or written to disk).
For a ClawHub publish lifecycle test, one would expect required environment variables (registry credentials, CLI config paths) or at least a declared dependency on the ClawHub CLI. The skill declares none, which is disproportionate and suggests either missing metadata or an attempt to obscure needed credentials/targets.
The skill is not always-included and allows normal model invocation. It does not request persistent system-wide changes in its metadata; no privilege escalation flags are present.
Guidance
Do not install or run this skill until the author provides concrete command examples, the exact CLI/tools it will run, and any required environment variables or credentials. Ask for: (1) the full list of commands the skill will execute, (2) expected output messages for verification, and (3) precise environment or registry credentials it needs. If you must test now, run the commands manually in an isolated environment (container or throwaway VM) and avoid giving credentials to the skill until you confirm its behavior. If the skill will be allowed to run autonomously, limit its permissions and monitor network and registry activity.
Latest Release
v1.0.0
- Initial release of e2e-repro2-1772127134.
- Provides a deterministic end-to-end test skill for ClawHub publish lifecycle.
- Supports validation of CLI publish, install, update, and delete behavior.
- Enables verification of registry and metadata round-trips.
- Includes clear usage instructions and quality check guidance.
Published by @VACInc on ClawHub