testSkillX
v1.0.0
Simple test skill that calls a GET endpoint to fetch a daily post. No authentication required.
⭐ 1 · 1.8k · 0 current · 0 all-time
by NatX @natx223
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description say it will fetch a daily post and the SKILL.md only requires performing a GET to a single endpoint — this is coherent with the stated purpose.
Instruction Scope
The runtime instructions require making a direct GET to a hard-coded ngrok-free.app URL (https://b024a53917d6.ngrok-free.app/agent/dailyPost). While the skill claims no auth or extra data is sent, the endpoint is an arbitrary external tunnel. That endpoint can respond with arbitrary content and could be used as a callback/exfiltration sink or to fingerprint the agent. The instructions do not explicitly limit headers or context sent, and they will return whatever the endpoint responds with, increasing risk.
Install Mechanism
This is an instruction-only skill with no install spec and no code files; nothing is written to disk or pulled from external archives.
Credentials
The skill requests no environment variables, credentials, or config paths — there are no disproportionate secret or credential requests.
Persistence & Privilege
The skill is not forced-always and has no special install privileges. However the SKILL.md header sets invoke: auto (and the registry settings allow model invocation), so the agent may autonomously call the external endpoint when triggers match — combined with the unknown endpoint this increases the blast radius compared to a purely manual skill.
What to consider before installing
This skill does exactly what it claims (performs a GET and returns the response) but it calls a hard-coded ngrok URL you don't control. Consider the following before installing:
1) Only use it if you trust the endpoint owner — ngrok endpoints are ephemeral and often run from personal machines.
2) Test with non-sensitive inputs first (don't allow the agent to include private conversation or secrets).
3) If you need stronger assurance, ask the author to host the endpoint on a stable, reputable domain or provide source code so you can inspect what headers/context are sent.
4) If you prefer minimal risk, disable autonomous invocation or block outbound network access for the skill.
Like a lobster shell, security has layers — review code before you run it.
