ClawHub

Upload files to catbox.moe (permanent) or litterbox.catbox.moe (temporary).

v1.0.0

Upload files to catbox.moe (permanent, max 200 MB) or litterbox.catbox.moe (temporary, 1h–72h, max 1 GB) and receive the file URL.

1· 2.9k·13 current·13 all-time
by@microck
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, SKILL.md, and upload.py all consistently describe uploading files to litterbox.catbox.moe (temporary) or catbox.moe (permanent). The optional userhash parameter is appropriate for Catbox account tracking. No unrelated binaries, credentials, or config paths are requested.
Instruction Scope
Runtime instructions only invoke upload.py with a file path and optional flags. The script opens the specified file and makes POST requests to the two service APIs declared in the script (CATBOX_API and LITTERBOX_API). It does not read other system files, environment variables, or contact unexpected endpoints.
Install Mechanism
There is no install spec; the repo includes a small requirements.txt (requests) and a single script. No external download/extract steps or unusual install locations are used.
Credentials
The skill requests no environment variables or secrets. The only credential-like value is an optional userhash passed on the command line for Catbox, which is reasonable and documented. There are no unrelated credential requests.
Persistence & Privilege
always is false; the skill does not request permanent inclusion or modify other skills or system-wide config. It performs network calls only when invoked and does not store agent credentials or persist changes to the environment.
Assessment
This skill appears to do exactly what it says: upload a local file to catbox.moe or litterbox.catbox.moe. Before installing/using it, consider: (1) files are sent to a third-party service — do not upload sensitive or private data; (2) if you pass a Catbox userhash, treat it like a secret tied to your account; (3) the script requires the Python requests library (requirements.txt); (4) you can review the small upload.py source to verify behavior (it only opens the given file and posts it to the two documented endpoints). If you need to be extra cautious, run the script in an isolated environment or inspect network traffic when first using it.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c5v8ez71c1b7421eytmyw5n805e2k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments