ClawHub

OATDA Vision Analysis

v1.0.6

Analyze images using vision-capable AI models through OATDA's unified API. Triggers when the user wants to analyze, describe, or understand images; extract t...

0· 81·0 current·0 all-time
by@devcsde
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (vision analysis via OATDA) matches the declared requirements: curl and jq for making/parsing HTTP calls, an OATDA_API_KEY, and a ~/.oatda/credentials.json file. These are expected for a small CLI-style wrapper that reads a local credentials file and calls an external API.
Instruction Scope
SKILL.md instructions are narrowly scoped: they show how to resolve the API key (from env or the declared credentials.json), validate image URLs, assemble the JSON body, and call the documented /api/v1/llm/image endpoint. The only file and env accessed are the ones declared. It does instruct runtime curl calls to an external endpoint (expected for this purpose).
Install Mechanism
This is an instruction-only skill with no install spec or downloads. That is the lowest-risk pattern and is proportionate to the functionality.
Credentials
Only OATDA_API_KEY and a single config path (~/.oatda/credentials.json) are required, which directly map to authenticating to the OATDA API. No unrelated secrets, cloud credentials, or other service tokens are requested.
Persistence & Privilege
always is false and the skill does not request persistent/system-wide changes or access to other skills' configs. It runs ad-hoc curl commands and reads a declared local credentials file — expected for this type of skill.
Assessment
This skill is internally consistent, but review the following before installing: 1) Ensure you trust OATDA and are comfortable giving the skill an OATDA API key (it will be used in outbound HTTP calls). 2) Confirm ~/.oatda/credentials.json only contains the credentials you intend the skill to access. 3) Be aware the skill will perform network requests to https://oatda.com; avoid sending sensitive images you would not want transmitted. 4) Keep agent autonomy settings in mind — although this skill is benign and not always-included, an agent invoking it can send images automatically to the external API. Rotate/revoke the API key if you later uninstall or stop trusting the integration.

Like a lobster shell, security has layers — review code before you run it.

latestvk9709m6w993cpczjxhpfyqf8wx844b8k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

👁️ Clawdis
Binscurl, jq
EnvOATDA_API_KEY
Config~/.oatda/credentials.json
Primary envOATDA_API_KEY

Comments