ClawHub

Pulse Editor Vibe Coding APIs

v1.0.3

Generate and build Pulse Apps using the Vibe Dev Flow API. Use this skill when the user wants to create, update, or generate code for Pulse Editor applications.

5· 2.4k·2 current·2 all-time
by@shellishack
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description align with the code and SKILL.md: it calls Pulse Editor's Vibe Dev Flow API to generate, build, and publish apps. The example code and instructions show the expected network calls and SSE usage, which are coherent with the stated purpose. However, the registry metadata declares no required environment variables while both SKILL.md and examples clearly expect an API key (PULSE_EDITOR_API_KEY) — this omission is inconsistent and worth verifying.
Instruction Scope
SKILL.md and the examples confine actions to the Pulse Editor API endpoint (https://pulse-editor.com/...) using SSE streaming and processing returned messages. There are no instructions to read unrelated system files, other credentials, or to exfiltrate data to third-party endpoints. The instructions do require keeping a long-lived SSE connection (up to ~10 minutes), which is explicitly documented.
Install Mechanism
This is an instruction-only skill with no install spec; no downloads or extra packages are installed by the skill itself. Two example files are included but there is no package installation or archive extraction.
!
Credentials
The SKILL.md and example scripts require an API key sent as an Authorization: Bearer header (examples use the PULSE_EDITOR_API_KEY environment variable), but the registry metadata lists no required env vars or primary credential. The requested credential is proportionate to the skill's purpose (API key for the service), but the metadata omission is a mismatch that could lead to confusion or misconfiguration — verify what secret you must provide and how the platform will store/handle it. No other unrelated credentials are requested.
Persistence & Privilege
The skill does not request always:true and does not declare any system config path changes or cross-skill modifications. It runs network calls to a single external service (Pulse Editor) and does not require elevated or persistent system privileges beyond normal network access.
What to consider before installing
What to check before installing: - Confirm the publisher/trustworthiness of this skill and that pulse-editor.com is the intended destination. The skill will send any provided API key to that domain. - Metadata omitted required env vars: SKILL.md and the Python example expect an API key (PULSE_EDITOR_API_KEY). Ask the publisher or maintainer to update metadata so the platform can surface the credential requirement correctly. - If you plan to provide an API key, consider creating a scoped or limited key for testing and review Pulse Editor's privacy/security policies. Do not reuse high-privilege or unrelated credentials. - Because the skill opens long-lived SSE connections (up to ~10 minutes), confirm your environment/network policy allows that and be aware of potential resource/time costs. - If you need higher confidence, run the included example locally using a test API key and observe behavior (what data is sent/received). If the publisher cannot justify the metadata mismatch or you don't trust the domain, avoid installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk9730srq036bm5db409vka5aj5809zyj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments