ClawHub

Farmos Equipment

v1.0.0

Query equipment status, maintenance schedules, and service history for the farm fleet. Uses integration endpoints (no auth required).

0· 568·3 current·3 all-time
by@brianppetty
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md documents endpoints for listing equipment, due maintenance, searches, and recording completions. The skill declares no binaries, no env vars, and no primary credential, which is consistent with a simple integration that 'needs no auth'.
!
Instruction Scope
The runtime instructions instruct the agent to call a specific API base by raw IP (http://100.102.77.110:8005) and to always return complete, untruncated datasets. They also include write endpoints (e.g., POST /api/integration/record-completion). Because there is no auth configured, the agent will attempt unauthenticated reads and writes against that IP — this may unintentionally target an internal service and can modify records without credentials.
Install Mechanism
Instruction-only skill with no install steps or code files. Nothing is written to disk during install, which minimizes installation risk.
Credentials
The skill requests no environment variables or credentials, which is consistent with its 'no auth required' claim. That said, the absence of credentials for endpoints that perform POST/write operations is a behavioral risk (unauthenticated writes), not a mismatch between declared and requested secrets.
Persistence & Privilege
Flags show normal privileges (always: false, model invocation allowed). The skill does not request persistent presence or system-wide configuration changes.
Assessment
This skill appears to do what it says: query and manage farm equipment via the documented API. Before enabling it for your agent, check the following: - Confirm the API base (http://100.102.77.110:8005) is the intended endpoint: it's a raw IP (in the 100.64.0.0/10 shared-address range), which likely refers to an internal or carrier-network host rather than a public service. Allowing the agent to call it may contact internal network resources. - Note the skill includes write endpoints (record-completion) with no auth configured. If you don't want the agent to be able to modify records, restrict the agent to read-only actions or block outbound requests to that IP. - Because the skill comes from an unknown source and has no homepage, prefer testing it in a restricted environment (sandbox or limited network) and monitor API traffic/logs before granting broad use. - If this integration is meant for your organization, replace the raw IP with a verified domain and add authentication (API key/OAuth) or network controls so writes are authorized. If you need higher assurance, ask the publisher for documentation, a trusted base URL, and confirmation of authentication and intended network placement.

Like a lobster shell, security has layers — review code before you run it.

latestvk9735632ep42z0gye8pexfcb3d81edgv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments