ClawHub

CorpusGraph Document ETL and entity relationship engine for AI agents

v1.0.4

Document ETL, entity extraction, and relationship graphing engine. Convert 1,000+ file formats into searchable, structured data with automatic entity and rel...

0· 114·0 current·0 all-time
by@aingestigate
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, README, skill.json, and SKILL.md all describe the same functionality (document ETL, NER, graph queries) and the only runtime requirements are an API base URL and short-lived access token — which are appropriate and proportionate for a remote API wrapper.
Instruction Scope
The SKILL.md contains explicit API call patterns and mandates using the declared INGESTIGATE_TOKEN and INGESTIGATE_BASE_URL. It does not instruct the agent to read unrelated files, other credentials, or system paths. One operational note: it instructs the agent to fetch the full developer guide at session start (requires the same token), which could expose additional endpoint behaviors — but that is coherent with the skill's purpose.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is downloaded or written to disk by the skill itself (lowest install risk).
Credentials
Only two environment values are required (INGESTIGATE_TOKEN and INGESTIGATE_BASE_URL). Both are justified and declared; the token is short-lived (30 minutes) which reduces long-term exposure. Note: possession of the token grants API access to the user's corpus, so it should be scoped and stored only in secure platform settings as the SKILL.md recommends.
Persistence & Privilege
The skill does not request always:true and is user-invocable with normal autonomous invocation allowed. It does not attempt to modify other skills or system settings; there are no installation steps that grant additional system privileges.
Assessment
This skill appears coherent and implements a remote API wrapper. Before enabling it: 1) configure INGESTIGATE_TOKEN and INGESTIGATE_BASE_URL only in your platform's secure skill settings (do not paste tokens into chat), 2) verify the Ingestigate account, permissions, and token scope — the token grants access to your corpus so keep it limited and short-lived, 3) test with non-sensitive data first to confirm behavior and costs, and 4) if you need stronger data controls, ask about the advertised air-gapped / on-prem option or restrict uploads to avoid sending regulated or highly sensitive documents to the hosted service.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fse7evb723g276evcctmt61837g65

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments