ClawHub

London public transport journey planner and disruptions

v1.0.1

Plan TfL journeys from start/end/time, resolve locations (prefer postcodes), and warn about disruptions; suggest alternatives when disrupted.

2· 1.8k·1 current·1 all-time
by@diegopetrucci
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (TfL journey planning + disruptions) aligns with the provided script and SKILL.md. The code builds Journey and Line Status requests to api.tfl.gov.uk and performs the expected parsing and reporting. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
SKILL.md confines runtime behavior to resolving locations, calling the TfL Journey and Line Status endpoints, and presenting results. It instructs optionally using TFL_APP_ID and TFL_APP_KEY. The instructions do not ask the agent to read unrelated files, system state, or send data to external endpoints beyond api.tfl.gov.uk.
Install Mechanism
This is an instruction-only skill with an included Python script; there is no install step, no external downloads, and no packages being installed from untrusted URLs. The script uses only Python stdlib (urllib, os, json).
Credentials
No required env vars are declared. The only optional variables mentioned and read by the script are TFL_APP_ID and TFL_APP_KEY, which are appropriate for authenticating to the TfL API. The script does not attempt to read other credentials or unrelated environment variables.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes or access to other skills' configs. It simply issues outbound HTTPS requests to the TfL API when executed.
Assessment
This skill appears internally consistent: it calls only the official TfL API and optionally uses TFL_APP_ID/TFL_APP_KEY if you provide them. Before installing, consider: (1) only provide your TfL keys if you trust the skill source (the keys are used only to call api.tfl.gov.uk as seen in the code); (2) the agent will make outbound network calls when running the script, so verify network policies if that matters; (3) review the included Python script yourself (it's short and readable) if you have any doubt. No other unexpected permissions or data exfiltration patterns were found.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cffkh0j9h1xd5tgx98psnnx7zpjpr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments