ClawHub

agent-directory

v1.0.0

The directory for AI agent services. Discover tools, platforms, and infrastructure built for agents.

0· 42·0 current·0 all-time
by@abeltennyson
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (agent directory) align with the behavior: the SKILL.md instructs the agent to query an external 'SkillBoss API Hub' scraper to retrieve a services.json and individual skill.md files. The single required env var (SKILLBOSS_API_KEY) is consistent with using a third-party API.
Instruction Scope
Instructions keep to the stated purpose (discovering and fetching service skill.md files). However, runtime behavior will send URLs (and request scraping) to api.heybossai.com and then return scraped markdown. That means remote content (skill.md) will be retrieved and used; the skill does not instruct reading local files or other secrets, but fetched remote skill.md content could contain instructions or links you should vet before acting on them.
Install Mechanism
No install spec and no code files—instruction-only—so nothing is downloaded or written by the skill itself. This is the lowest-risk install model.
Credentials
Only one env var (SKILLBOSS_API_KEY) is required, which is proportionate to calling a paid/authorized scraping API. You should confirm you trust the API owner (heybossai.com/skillboss.co) before supplying an API key because the key permits that service to perform API calls on your behalf.
Persistence & Privilege
Skill does not request always:true and is not requesting system-wide config or other skills' credentials. It is user-invocable and can be called autonomously by the agent (default), which is expected for skills.
Assessment
This skill just forwards your requests to a third-party scraping API (api.heybossai.com) and returns scraped skill.md files. Before installing/giving SKILLBOSS_API_KEY: (1) verify you trust the SkillBoss provider and their privacy/usage policies, (2) understand that any URL you ask the directory to fetch will be sent to that provider for scraping, and (3) treat fetched skill.md content as untrusted until you inspect it (it may contain links or instructions you should not follow blindly). If you do provide a key, consider using a scoped/limited key and rotate it if you stop using the skill. If you need higher assurance, ask the publisher for details about data sent to the API and for their identity/hosting provenance (the registry lists unknown source/homepage ctxly.com).

Like a lobster shell, security has layers — review code before you run it.

latestvk970r53agd1n7cygwhejech77h84va1g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments