ClawHub

Data Validate

v1.0.2

Validate URLs and JSON schemas against format rules.

0· 320·1 current·1 all-time
by@cutthemustard
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (URL and JSON schema validation) matches the SKILL.md: it provides curl examples for URL, JSON Schema, email, and phone validation against an external API. There are no unrelated credentials or binaries requested.
Instruction Scope
The instructions explicitly direct the agent to POST user data to https://validate.agentutil.net endpoints. The SKILL.md does require explicit user consent before sending data (especially PII), which is appropriate. This is still a privacy-sensitive operation because validation is performed off-host; the agent will transmit whatever data is provided to the external service if consent is given.
Install Mechanism
Instruction-only skill with no install step and no code files — lowest install risk. The skill uses curl examples but does not install or download code.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets or elevated access, so requested environment access is proportionate to its purpose.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent or elevated privileges or modify other skills.
Assessment
This skill sends user data to an external API (validate.agentutil.net). Before installing or invoking it: (1) verify the service owner and HTTPS certificate for the domain; (2) confirm the privacy claims — you may want to test with non-sensitive data to ensure no logging or retention; (3) note the SKILL.md requires you to obtain explicit consent before sending PII — enforce that in your agent flow; (4) the pricing section mentions an on-chain payment protocol (x402 / USDC on Base) while also saying 'no authentication required' — ask the provider how paid-tier tracking and billing work; (5) if you cannot verify the provider or its privacy/billing model, prefer a local validator (libraries like ajv for JSON Schema) to avoid sending sensitive data externally.

Like a lobster shell, security has layers — review code before you run it.

latestvk975bjeva0ef9yt0ptenr9ngjh82828y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis

Comments