ClawHub

TabTab Skill

v1.0.4

Use TabTab to run AI-powered tasks in a sandboxed multi-agent environment. Supported capabilities: - General agent: open-ended tasks, writing, research, summ...

0· 85·0 current·0 all-time
byTabTabAI@bjwswang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (TabTab multi-agent platform) matches the provided scripts and runtime instructions. Required environment variables (TABTAB_API_KEY and optional TABTAB_BASE_URL) and declared dependencies (curl, jq, stat) align with the scripted REST calls and file uploads.
Instruction Scope
Runtime instructions and the scripts limit themselves to: sourcing a local scripts/env file, reading user-supplied files for upload, hitting the TabTab API endpoints, and writing temporary output (e.g., /tmp). They do not access unrelated system credentials, other services, or unexpected network endpoints.
Install Mechanism
No install spec is present (instruction-only with helper scripts). That is low-risk: nothing is downloaded or extracted from remote URLs and no additional packages are installed by the skill itself.
Credentials
The only required secret is TABTAB_API_KEY (with optional TABTAB_BASE_URL). This is proportional for a REST API client. The skill does recommend storing the key in a local scripts/env file (sourced by the scripts), which is functionally reasonable but should be handled securely by the user.
Persistence & Privilege
always:false and normal model invocation settings. The skill does not request persistent platform-level privileges or alter other skills' configurations.
Assessment
This skill appears to do what it says, but take these precautions before installing/using: 1) Verify the TabTab domain (default https://tabtabai.com) is the legitimate service you expect; if you set TABTAB_BASE_URL, point it only at a trusted instance. 2) Protect your API key: avoid committing scripts/env to source control; follow the script's chmod 600 suggestion, or use your OS secret manager rather than a plain file. 3) Review any files you upload (they are sent to the TabTab service). Don't upload sensitive secrets or private keys unless you trust the service. 4) Ensure required tools (curl, jq, stat) come from trusted packages on your system. 5) The scripts write temporary files under /tmp and expect a skill directory layout; adapt the .gitignore suggestion to your repo structure if needed. If you want additional assurance, inspect network traffic (or run in a restricted environment) to confirm the scripts only talk to the expected API endpoints.

Like a lobster shell, security has layers — review code before you run it.

latestvk972yqks34xw1pvgx1zpd3yjg983f136

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments