ClawHub

TfL London Transit

v1.0.0

London TfL transit — real-time Tube arrivals, bus predictions, line status, service disruptions, journey planning, and route info for the London Underground,...

0· 459·1 current·1 all-time
byBrian Leach@brianleach
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (TfL London transit) align with the included files and runtime behavior: the script queries TfL's REST API, parses responses, and presents status/arrivals/journey data. Required binary (node) and primaryEnv (TFL_API_KEY) match the stated purpose.
Instruction Scope
SKILL.md instructs the agent to use the provided Node CLI script for TfL queries. The script's actions (GET requests to api.tfl.gov.uk, local fuzzy station matching, optional .env read for TFL_API_KEY) are within that scope and do not attempt to read unrelated system files or transmit data to unexpected endpoints.
Install Mechanism
No install spec — code is provided as files to be placed in the skills directory. There are no external downloads, no npm dependencies, and no archive extraction. This is low risk for installation mechanism.
Credentials
The only declared credential is TFL_API_KEY (optional per the docs). The script reads a local .env (if present) and process.env for that key; it does not request unrelated secrets or other credentials. This is proportionate to the stated functionality.
Persistence & Privilege
The skill is not always-included and does not request elevated privileges. It does not modify other skills or system-wide settings. It only reads .env and uses the network to call api.tfl.gov.uk.
Assessment
This skill appears coherent and read-only: it only needs Node (18+) and optionally a TfL API key. Before installing, verify you are comfortable granting the skill network access to api.tfl.gov.uk and avoid placing any unrelated secrets in the skill's .env file (the script will read a local .env if present). Review the script if you want to confirm there are no other external endpoints or behaviors; there are no child_process calls, no eval, and no file writes. Also note some embedded station/line names look non-standard (likely harmless but may affect accuracy). If you don't want the skill to access an API key, you can run it without TFL_API_KEY (the author documents that basic usage works but is rate-limited).

Like a lobster shell, security has layers — review code before you run it.

latestvk97ff0491530wzf8mw2g82qksx81n439

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🇬🇧 Clawdis
Binsnode
Primary envTFL_API_KEY

Comments