Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Arrivelah

v1.0.0

One-word trigger for next bus arrival to your destination

by Abhay Bhat (@abhayjb)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (one-word trigger for next bus arrival) align with the shipped files: a short bash script and a config.json containing stop/service and apiUrl. Required binaries (curl, jq) are appropriate and expected.
Instruction Scope
SKILL.md confines behavior to reading config.json and calling the Arrivelah2 API. The runtime script only reads its own config file and prints parsed results; it does not reference other system files, credentials, or unexpected endpoints.
Install Mechanism
There is no install spec (instruction-only plus included script), so nothing arbitrary is downloaded or installed. Risk is low because the script is small, readable, and included in the package.
Credentials
The skill requests no environment variables or credentials. It only reads a local config.json. There are no unexplained secrets or cross-service tokens.
Persistence & Privilege
The skill is not always-enabled and does not modify other skills or system settings. It has no persistent background components or privilege-escalating behaviors.
Assessment
This skill is small and coherent: it reads the provided config.json and issues an HTTPS request to the Arrivelah2 API. Before installing, verify you are comfortable with outbound HTTP requests to the apiUrl in config.json (default: https://arrivelah2.busrouter.sg). Ensure curl and jq are available. If you change apiUrl, only point it to trusted endpoints since the script will send your configured stop ID there. No credentials are requested and no other files or system credentials are accessed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fynxrc653sg4jqp6rwbn8v581ws4w

Runtime requirements

🚌 Clawdis
Bins: curl, jq