Lix Agents

v1.0.5

Obtain temporary Lix API tokens via CLI with human email approval. Use when you need authenticated access to the Lix API, need to enrich data via Lix, or nee...

⭐ 1· 45·0 current·0 all-time

byA A Karim@aakarim

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

The name/description (obtain temporary Lix API tokens) align with the instructions: the SKILL.md explicitly directs the agent to check for, install, and use the 'lix-agents' CLI and to request tokens. Nothing requested (no extra credentials or unrelated services) contradicts the stated purpose.

ℹ

Instruction Scope

Instructions direct the agent to run local shell commands (which, in a deployed agent environment, means invoking system commands), to install software, and to capture tokens printed to stdout. The doc explicitly requires user confirmation before each step, which reduces risk, but there is potential for token leakage if the agent posts the token into a conversation or logs. The instructions stay within the claimed scope but involve sensitive local actions (installing binaries, handling auth tokens).

ℹ

Install Mechanism

There is no automated install spec (skill is instruction-only), which is lower risk. The SKILL.md suggests installing via 'brew tap lix-it/lix-agents && brew install lix-agents', 'go install', or downloading GitHub Releases. Those are plausible methods but tapping an external brew repo or downloading arbitrary releases is a supply‑chain risk and should be verified (review the repo/release artifacts).

✓

Credentials

The skill declares no required environment variables or credentials and does not ask for unrelated secrets. It only handles temporary API tokens for Lix, which is proportional to its purpose.

✓

Persistence & Privilege

always is false, the skill does not request persistent privileges or modify other skills/config. It does instruct saving a local session/token (normal for CLI auth), but it does not demand elevated or system‑wide configuration access.

Assessment

This skill is coherent with its purpose, but follow these precautions before installing or running it: 1) Verify the 'lix-agents' source (review the GitHub repo/releases and maintainers) before tapping a brew repo or downloading binaries. 2) Prefer installing software yourself rather than allowing an automated agent to run install commands. 3) Never paste API tokens into chat — treat the token as sensitive and store it only in your environment or a secure credential store. 4) Confirm the agent asks for permission before each command (SKILL.md instructs this, enforce it). 5) If you need stronger assurance, inspect the CLI code (go module or release assets) to ensure it does what it claims and does not exfiltrate tokens.

Like a lobster shell, security has layers — review code before you run it.

latestvk974cqygs5fpm5zkme8bpa5xxs83yjea

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Lix Agents

License

Comments