ClawHub

Manage privypad notes

v1.0.0

Interact with the PrivyPad.com API to read, create, update, delete, and organize encrypted notes and groups on behalf of a user. Use this skill whenever the...

0· 103·0 current·0 all-time
byJay@aididmyhomework
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and runtime instructions all describe direct interaction with the PrivyPad API and the skill does not request unrelated binaries, credentials, or system access. The examples and endpoints align with the stated purpose. (Minor inconsistency: the SKILL.md uses both https://www.privypad.com and https://privypad.com as the base URL.)
Instruction Scope
SKILL.md limits actions to API calls using a user-supplied Bearer token and explicitly warns not to ask for passwords or attempt browser-only token endpoints. It does instruct the agent to trigger this skill whenever PrivyPad or a pp_ token is mentioned which is broader-than-minimal trigger guidance (may cause frequent autonomous invocation) but is coherent with a convenience-focused note-management skill.
Install Mechanism
No install spec and no code files are present (instruction-only), so nothing is written to disk or downloaded during install.
Credentials
The skill declares no required environment variables or config paths; it expects a user-supplied pp_ Bearer token at runtime. Requesting the user's PrivyPad API token is proportionate to the described functionality, but the token is sensitive and grants access to the user's notes.
Persistence & Privilege
always is false and the skill does not request persistent system privileges. The skill can be invoked autonomously by the agent (platform default); this is normal and not excessive here.
Assessment
This skill is coherent and instruction-only, but before enabling: only provide a PrivyPad pp_ token you trust (it grants full access to your notes), do not paste the token in public channels, consider creating a dedicated token you can revoke if needed, confirm the correct API base URL (SKILL.md shows both with and without www), and be aware the agent may call the skill automatically when PrivyPad or related terms are mentioned. If you suspect misuse, revoke the token from PrivyPad Settings.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cdx23gnn8q4b7tr5n280mgn833gw6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments