Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name & description say: pull IM chat history (1–7 days) and summarize. The skill only requires EGATEE_CHAT_API_KEY and optionally accepts EGATEE_NOTIFY_BASE_URL / EGATEE_FROM_ACCOUNT / EGATEE_AUTH_TOKEN / debug flags, which are consistent with calling the described Egatee notify openapi.
Instruction Scope
SKILL.md and tool.py limit actions to calling the Egatee endpoint (/api/notify/im/openapi/getChatHistoryByApiKey), aggregating messages and producing summaries/Markdown. A caveat: run.sh will source a local .env if present (so running the helper will load environment variables from that file). Also the code allows EGATEE_NOTIFY_BASE_URL to be overridden — if set to an arbitrary host it will direct requests there, so treat that override as sensitive.
Install Mechanism
No install script in the registry; this is instruction + code files. requirements.txt only lists 'requests', which is appropriate and proportional. No remote downloads or extract operations are present in the package.
Credentials
Only EGATEE_CHAT_API_KEY is required (declared as primary). Optional env vars used by the script are documented and appropriate. The script does read environment variables (including optional override EGATEE_NOTIFY_BASE_URL) and will source .env if run via run.sh — users should avoid putting unrelated secrets in that .env.
Persistence & Privilege
The skill does not request persistent/always-on inclusion (always:false) and does not modify other skills or system-wide settings. It runs as a normal user-invokable tool.
Assessment
This package appears to be what it says: a small script that calls Egatee's chat-history API and summarizes results. Before installing/running: (1) confirm you are willing to give the skill access to the EGATEE_CHAT_API_KEY (it will be used to retrieve chat history); (2) if you run run.sh, be aware it will source a local .env file — don't keep unrelated secrets there; (3) EGATEE_NOTIFY_BASE_URL can point the script to a custom host, so only set that to trusted endpoints (otherwise requests go to the official Egatee domains inferred from the API key); (4) debug logs redact most of the API key but may show partial key fragments — avoid enabling debug in untrusted environments. If you want extra assurance, review the full tool.py contents (already included) and run it in an isolated environment or with a scoped/test API key first.Like a lobster shell, security has layers — review code before you run it.
latestvk970fyqj5pyh69j0kt8xes4nns83mx93
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
💬 Clawdis
EnvEGATEE_CHAT_API_KEY
Primary envEGATEE_CHAT_API_KEY