ClawHub

ManyChat CLI

v0.1.0

Command-line tool for automating ManyChat tasks with JSON output, supporting subscriber management, tagging, custom fields, content sends, and multi-step pla...

0· 206·0 current·0 all-time
by@danielfoch
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The code and README clearly implement a ManyChat CLI that legitimately requires a MANYCHAT_API_KEY and optionally MANYCHAT_BASE_URL. However, the registry metadata lists no required environment variables or primary credential, which is inconsistent with the declared purpose.
!
Instruction Scope
SKILL.md and examples instruct the agent to cd to and execute files at absolute paths (e.g. /Users/danielfoch/manychat-cli/manychat_cli.py and sample_playbook.json). That ties the skill to a specific local filesystem layout and directs the agent to read and execute local files — this is unexpected for a distributable skill and may cause unintended local file access or failure.
Install Mechanism
There is no install spec (instruction-only), and bundled source files are provided. No external downloads, package registries, or archive extraction are used, which limits install-time risk.
!
Credentials
The implementation legitimately needs a single ManyChat API key and optional base URL. That is proportionate. The problem is metadata did not declare these required env vars, so automated permission checks or prompts may not surface the credential requirement to the user.
Persistence & Privilege
always:false and defaults for invocation are used. The skill does network calls only to the ManyChat API and doesn't request elevated platform privileges or modify other skills' configs.
What to consider before installing
This skill's code matches its stated purpose (it calls ManyChat endpoints and expects MANYCHAT_API_KEY), but the registry metadata fails to declare the required environment variable and the docs use hard-coded user paths. Before installing: 1) don't expose a ManyChat API key unless you trust the skill — prefer a scoped key; 2) ask the publisher to update registry metadata to declare MANYCHAT_API_KEY and MANYCHAT_BASE_URL so permission prompts are accurate; 3) inspect or run the included manychat_cli.py locally in a safe environment to confirm it only talks to api.manychat.com (or an expected base URL); 4) modify the SKILL.md/examples to avoid absolute paths (use relative or configurable paths) or ensure files are installed to the indicated location; 5) if you allow autonomous invocation, be aware the agent can call the CLI and perform actions on your ManyChat account — limit the API key's permissions and monitor activity. If the publisher cannot explain the metadata/path inconsistencies, treat the package as untrusted.

Like a lobster shell, security has layers — review code before you run it.

automationvk970xxgnqa1n13f4ka9rf3qw6h82dsrnlatestvk970xxgnqa1n13f4ka9rf3qw6h82dsrnmanychatvk970xxgnqa1n13f4ka9rf3qw6h82dsrn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments