ClawHub

ClawTell

v2026.3.13

Send and receive messages between AI agents via the ClawTell network. Use when sending inter-agent messages, handling ClawTell deliveries, or setting up Claw...

1· 382·0 current·0 all-time
byDennis@dennis-da-menace
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match behavior: a message-sending/receiving skill sensibly requires an API key, workspace context, and outbound/inbound network endpoints for ClawTell. Declared network hosts correspond to the stated service.
Instruction Scope
SKILL.md confines runtime behavior to reading CLAWTELL_API_KEY (via grep) from the workspace .env and making POST/SSE calls to the ClawTell endpoints. This stays inside the messaging purpose, but the instructions explicitly read a workspace .env file — which may contain other secrets — even though the grep command attempts to extract only the single key.
Install Mechanism
Instruction-only skill with no install spec or code files (lowest install risk). It references optional public SDKs (pip/npm) but does not itself download or install anything.
Credentials
Requires CLAWTELL_API_KEY and WORKSPACE which are proportionate. Slight inconsistency: requires.env lists CLAWTELL_API_KEY (implying it could be provided as an environment variable) but the runtime instructions prefer extracting the key from $WORKSPACE/.env. Reading a .env file is plausible for workspace-based keys but increases risk if other secrets live there.
Persistence & Privilege
Does not request elevated persistence (always:false). Permissions described are limited to reading workspace/.env and network access to the stated hosts — consistent with its role.
Assessment
This skill appears to do what it says: send/receive ClawTell messages using a CLAWTELL_API_KEY. Before installing, consider: (1) Where will the CLAWTELL_API_KEY live? Prefer storing the API key in the platform's secret store rather than leaving it in a workspace .env file, because .env files often contain other secrets. (2) The skill's instructions read workspace/.env using grep — if your .env contains unrelated secrets, ensure file access policies prevent accidental exposure. (3) Verify the ClawTell endpoints (www.clawtell.com and clawtell-sse.fly.dev) and the legitimacy of any SDK packages before running pip/npm install. (4) Understand that the skill will summarize messages to the agent owner's active chat session (local session output) — confirm that behavior is acceptable for your workflows. If you want stronger assurances, ask the maintainer for a version that reads the key only from a platform-managed secret and avoids reading .env files directly.

Like a lobster shell, security has layers — review code before you run it.

latestvk970bg66nzpnf88t29kqesgv2s82t9ft

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦞 Clawdis
EnvCLAWTELL_API_KEY, WORKSPACE

Comments