ClawHub

Clicky Analytics

v1.2.0

Fetch website analytics from Clicky (clicky.com) via their REST API. Use when the user asks about website traffic, visitors, pageviews, top pages, bounce rat...

0· 167·0 current·0 all-time
byDustin Davis@djedi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation. The script and SKILL.md implement calls to api.clicky.com and require CLICKY_SITE_ID/CLICKY_SITEKEY (and named variants), which are the expected credentials for the Clicky API.
Instruction Scope
Runtime instructions and the included script stick to calling the Clicky API and returning JSON. One noteworthy behavior: the site key is included in the query string of the API URL (sitekey parameter), which is expected for this API but means the key may appear in logs or proxy traces. SKILL.md also suggests storing credentials in shell/profile files; users should treat those files as sensitive.
Install Mechanism
No install spec; the skill is instruction-only (plus a small shell script). No downloads, package installs, or archive extraction are performed.
Credentials
Requested environment variables are limited to CLICKY_SITE_ID / CLICKY_SITEKEY (and named variants like CLICKY_<NAME>_SITEKEY), which are directly needed. The primary credential is appropriately the sitekey. There are no unrelated secret/env requests.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent platform privileges. It does not modify other skills or system-wide settings.
Assessment
This skill appears to do exactly what it says: call Clicky's API and return analytics. Before installing, confirm you trust Clicky and are comfortable storing the sitekey in an environment variable or ~/.openclaw/.env (these files can expose secrets if your machine or backups are compromised). Note the script places the sitekey in the URL query string (which may be logged by proxies or web servers); if Clicky offers an alternative using Authorization headers, prefer that for better secrecy. Also avoid setting overly permissive or widely-shared environment variables — use the named CLICKY_<NAME>_* pattern for per-site isolation and ensure no other unrelated secrets are stored under those names.

Like a lobster shell, security has layers — review code before you run it.

latestvk975f9917g3chb4tecms5xhsj582vg2e

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis
Binscurl
EnvCLICKY_SITE_ID, CLICKY_SITEKEY
Primary envCLICKY_SITEKEY

Comments