stevenobiajulu

Safe

by Steven Obiajulu · GitHub ↗ · v0.2.0 · MIT-0
cross-platform ✓ Security Clean
Downloads: 162 · Stars: 0 · Active Installs: 0 · Versions: 2
Install in OpenClaw
/install safe
Description
Draft and fill Y Combinator SAFE templates — valuation cap, discount, MFN, pro rata side letter. Standard startup fundraising documents for convertible equit...
Usage Guidance
This skill appears coherent for filling SAFE templates, but pay attention to two operational risks before using it: (1) Remote MCP will send sensitive fundraising fields (company name, investor name, purchase amount, valuation cap, state, etc.) to openagreements.ai—confirm the user consents and validate the service's authenticity and privacy policy. (2) If you use the Local CLI path, ensure the agent or operator strictly implements the documented sanitization rules (output filename regex, reject shell metacharacters and control characters, use a quoted heredoc, and pin the npm package version) and be aware of potential /tmp symlink/TOCTOU issues; consider using a secure, unique temp file per invocation rather than a fixed path. Also always review the generated SAFE before signing, pin the CLI version as recommended, and verify the open-agreements npm package and its source prior to installation.
Capability Analysis
Type: OpenClaw Skill
Name: safe
Version: 0.2.0
The 'safe' skill provides a structured workflow for generating Y Combinator SAFE documents via a remote MCP or local CLI. It demonstrates a strong security posture by providing the agent with explicit shell command sanitization rules (e.g., regex for filenames, quoted heredocs, and metacharacter rejection) in SKILL.md and template-filling-execution.md to prevent RCE. It also transparently discloses that the remote MCP path sends data to openagreements.ai and includes instructions to treat third-party template data as untrusted, effectively mitigating prompt injection risks.
Capability Tags
crypto
can-make-purchases
Capability Assessment
Purpose & Capability
Name/description match what the skill does: produce filled SAFE DOCX files via a hosted MCP or an optional local CLI. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
The SKILL.md stays within purpose but delegates critical safety responsibilities (shell-parameter sanitization, rejecting control characters, output filename validation, and user confirmation before sending values to the hosted service) to the agent or operator. It also mandates a fixed temp path (/tmp/oa-values.json) and invoking the local CLI, which are reasonable for the task but require correct implementation by the runner to avoid command-injection or TOCTOU/symlink risks.
Install Mechanism
This is an instruction-only skill with no install spec. It recommends either a hosted MCP (openagreements.ai) or installing the public npm package open-agreements; both are plausible and proportional. No arbitrary downloads or extract operations are specified.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The only data it transmits (when using Remote MCP) are the template field values required to fill SAFEs—this is consistent with the stated purpose, and the skill explicitly asks for user consent before sending such data.
Persistence & Privilege
'always' is false, and the skill does not request persistent presence or modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but is not combined with elevated privileges or broad credential access.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install safe
  3. After installation, invoke the skill by name or use /safe
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.2.0
Fix: populate version field
v0.2.1
Add inline trust-boundary, shell-safety, and hosted Remote MCP disclosure guidance for ClawHub review.
Metadata
Slug: safe
Version: 0.2.0
License: MIT-0
All-time Installs: 0
Active Installs: 0
Total Versions: 2
Frequently Asked Questions

What is Safe?

Draft and fill Y Combinator SAFE templates — valuation cap, discount, MFN, pro rata side letter. Standard startup fundraising documents for convertible equit... It is an AI Agent Skill for Claude Code / OpenClaw, with 162 downloads so far.

How do I install Safe?

Run "/install safe" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Safe free?

Yes, Safe is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Safe support?

Safe is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Safe?

It is built and maintained by Steven Obiajulu (@stevenobiajulu); the current version is v0.2.0.
