Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (query macroeconomic data from a local FastAPI server) align with the included Python script and examples. The skill only needs python3 to run the provided macro_api.py which calls table endpoints listed in ALLOWED_ENDPOINTS.
Instruction Scope
SKILL.md instructs running the included script to call a base URL on the local network (http://10.168.1.162:8000) and shows many example endpoints. The instructions do not request other files, environment variables, or secrets. Note: base URL is hardcoded to a private IP rather than configurable, which limits flexibility and could cause the agent to contact an unexpected internal host if the network differs.
Install Mechanism
There is no install spec (instruction-only), which minimizes install-time risk. However, the Python code uses the third-party 'requests' library but the skill does not declare that dependency; the runtime may fail or require installing that package beforehand.
Credentials
No environment variables or credentials are requested or used, which is proportionate. One omission: BASE_URL is not exposed as a configurable env var, so users cannot easily change the target host without editing the file.
Persistence & Privilege
The skill is not always-enabled and does not request persistent or cross-skill privileges. It does perform outbound HTTP calls when invoked, which is expected behavior for its purpose.
Assessment
This skill appears to do what it says: run a local Python script that queries a FastAPI server on the local network. Before installing or running it: (1) inspect/confirm the BASE_URL (http://10.168.1.162:8000) — if you do not host a trusted service at that address, the skill would contact an internal host you may not expect; (2) ensure Python's 'requests' library is available or install it (pip install requests); (3) consider editing the script to make BASE_URL configurable via an environment variable rather than a hardcoded IP so you can point it to a safe/expected endpoint; (4) if you run agents on networks with sensitive internal services, be careful because this skill issues network requests to private addresses when invoked. These are operational cautions, not indicators of malware.Like a lobster shell, security has layers — review code before you run it.
latestvk9791g99t6se615edxxn73jfx58403ff
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📊 Clawdis
Binspython3