ClawHub

Modern URL shortening with QR codes and detailed analytics

v1.0.0

URL shortener, QR code generator, and link analytics API. Create short links, generate QR codes, and track click analytics.

1· 2.1k·0 current·0 all-time
by@anandrathnas
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (URL shortener, QR, analytics) align with required artifact: a JO4_API_KEY and API endpoints at jo4-api.jo4.io. Nothing requested (no extra credentials or system access) appears out of scope.
Instruction Scope
SKILL.md contains explicit curl commands against documented endpoints and only references the declared JO4_API_KEY environment variable. It does not instruct reading other files, scanning system state, or sending data to unexpected endpoints.
Install Mechanism
No install spec or code files are present (instruction-only), so nothing is written to disk or downloaded during install — lowest-risk install posture.
Credentials
Only one environment variable (JO4_API_KEY) is required and is the expected credential for the service. No unrelated secrets, config paths, or multiple credentials are requested.
Persistence & Privilege
always is false and there is no request to modify other skills or system settings. The skill allows autonomous invocation by default (disable-model-invocation=false), which is platform-normal and not combined with other red flags here.
Assessment
This skill appears coherent, but treat JO4_API_KEY as sensitive: only provide an API key you control and is scoped appropriately. Verify the jo4.io domain and API docs (check TLS cert and site reputation) before entering keys. If possible, create a limited-scope or test API key and monitor its usage/rotation. Review your privacy needs — the service collects click analytics and geolocation/referrer data — and avoid placing a production key in shared environments. If you want to be extra cautious, exercise the anonymous public endpoints first and confirm behavior before granting an authenticated key.

Like a lobster shell, security has layers — review code before you run it.

latestvk979t1e7jje1v4mfhzaa3h9sys80a30v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔗 Clawdis
EnvJO4_API_KEY
Primary envJO4_API_KEY

Comments