ClawHub

Flash Flood Desert Survival — Oman Wadi Shab | AI Experience

v1.2.0

Feel the pulse‑pounding urgency of surviving a sudden flash flood in Oman's stark desert canyons. Navigate collapsing stone channels as sensors fail, using s...

0· 61·0 current·0 all-time
by@buystsuff
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill is an interactive 'experience' hosted at drifts.bot and declares a single credential (YOUR_TOKEN) used as a Bearer auth header; that matches an API-driven experience which may change state (register, start session), so the requested credential is proportionate to the stated purpose.
Instruction Scope
SKILL.md instructs the agent to send requests to https://drifts.bot (including state-changing endpoints like /api/auth/register) and to use Authorization: Bearer {{YOUR_TOKEN}}. The instructions do not request reading local files or unrelated system state, but they do imply forwarding user content to an external service — review what data the agent will send and avoid sensitive personal/secret data.
Install Mechanism
No install spec and no code files (instruction-only). This minimizes disk writes and third-party code installation risk.
Credentials
Only a single environment variable (YOUR_TOKEN) is required and declared as the primary credential. That is proportional for an API that requires authenticated state changes. Ensure the token is scoped/minimal and not reused across unrelated services.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent system-wide privileges or to modify other skills. Autonomous invocation is allowed by default (normal), but you may restrict it if you don't want the agent to call the skill without explicit prompting.
Assessment
This skill appears coherent for an API-driven interactive experience, but treat the external service and token like any third-party integration: 1) Verify drifts.bot (site reputation, privacy policy, terms) before providing a token. 2) Create a dedicated, limited-scope/test token (not reuse sensitive or production credentials). 3) Don’t provide PII, passwords, or unrelated secrets in conversations that will be proxied to the service. 4) Inspect the full SKILL.md for other endpoints that change state and confirm you accept what they do. 5) If you’re worried about autonomous calls, disable or restrict the skill’s automatic invocation and only use it manually. Revoke the token immediately if you observe unexpected behavior.

Like a lobster shell, security has layers — review code before you run it.

adventurevk97avsckqm8h2qybe8qednexrs849a29canyonvk97avsckqm8h2qybe8qednexrs849a29dehydrationvk97avsckqm8h2qybe8qednexrs849a29desertvk97avsckqm8h2qybe8qednexrs849a29fearvk97avsckqm8h2qybe8qednexrs849a29flash floodvk97avsckqm8h2qybe8qednexrs849a29high intensityvk97avsckqm8h2qybe8qednexrs849a29instinctvk97avsckqm8h2qybe8qednexrs849a29isolationvk97avsckqm8h2qybe8qednexrs849a29latestvk97avsckqm8h2qybe8qednexrs849a29navigationvk97avsckqm8h2qybe8qednexrs849a29omanvk97avsckqm8h2qybe8qednexrs849a29sandstormvk97avsckqm8h2qybe8qednexrs849a29survivalvk97avsckqm8h2qybe8qednexrs849a29trekkingvk97avsckqm8h2qybe8qednexrs849a29wadi shabvk97avsckqm8h2qybe8qednexrs849a29water sourcingvk97avsckqm8h2qybe8qednexrs849a29

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌊 Clawdis
EnvYOUR_TOKEN
Primary envYOUR_TOKEN

Comments