Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Corpus

v1.0.1

Access a user's Corpus library from OpenClaw. Use when the user asks to search saved content, fetch item details, save links into Corpus, or create reminders...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (search, fetch, save, reminders) align with the declared requirements: python3 binary and a single CORPUS_API_TOKEN. The default API base URL matches the project homepage and the commands map to Corpus API endpoints.
Instruction Scope
SKILL.md stays within the Corpus API scope and warns not to print the token and to confirm writes. One notable instruction: the recommended workflow suggests applying code changes 'in the current working repository after user confirmation' — this is functional for implementation tasks but grants the agent a path to modify local files once the user consents. Confirmations and limited scope are recommended before any writes/edits.
Install Mechanism
No install spec; this is an instruction-only skill with a small included Python script. No downloads, package managers, or archive extraction are used.
Credentials
Only CORPUS_API_TOKEN is required (primaryEnv). Optional vars (CORPUS_API_BASE_URL, CORPUS_TIMEOUT_SECONDS) are documented. No unrelated secrets or config paths are requested.
Persistence & Privilege
always is false and the skill is user-invocable. The skill does not request persistent agent privileges or modify other skills' configuration.
Assessment
This skill appears to do what it says: talk to the Corpus API using your CORPUS_API_TOKEN. Before installing or enabling it, verify you trust the skill source (the GitHub repo), store the token with least privilege (use a dedicated token you can revoke), and review the included scripts yourself. Be cautious when the agent proposes write actions or 'apply code changes' to your repository — require explicit user confirmation for any file modifications. Rotate or revoke the token if you stop using the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk973vvv04f1zst8pn2mz4gw7wd81zd0g

Runtime requirements

Bins: python3
Env: CORPUS_API_TOKEN
Primary env: CORPUS_API_TOKEN

SKILL.md

Corpus Skill

Use this skill to read and write a user's Corpus data through the Corpus API.

Required environment variables

  • CORPUS_API_TOKEN: user token for Corpus API access.

Generate CORPUS_API_TOKEN

  1. Install Corpus AI for iPhone: https://apps.apple.com/us/app/corpus-ai/id6748364607
  2. Open the app and sign in.
  3. Go to Integrations -> OpenClaw.
  4. Create an API token and copy it (the full value is shown once).
  5. Set that value as CORPUS_API_TOKEN in your OpenClaw skill env.

Optional environment variables

  • CORPUS_API_BASE_URL: API base URL (default: https://corpusai.app).
  • CORPUS_TIMEOUT_SECONDS: HTTP timeout in seconds (default: 30).

OpenClaw config example

{
  "skills": {
    "entries": {
      "corpus": {
        "path": "/absolute/path/to/skills/corpus",
        "env": {
          "CORPUS_API_TOKEN": "csk_live_or_jwt_token_here",
          "CORPUS_API_BASE_URL": "https://corpusai.app"
        }
      }
    }
  }
}

Commands

Run all commands through:

python3 {baseDir}/scripts/corpus_api.py <command> [options]

Available commands:

  • profile
  • list-content --limit 20 --cursor <cursor>
  • search --query "<text>" --limit 8
  • content --user-content-id <id>
  • save-url --url <url> [--user-note "<note>"]
  • create-reminder --title "<title>" --description "<desc>" --scheduled-date-utc "2026-02-18T16:00:00Z" [--user-content-id <id>]

Recommended workflow for implementation tasks

When a user asks for "find items in Corpus and implement":

  1. Use search with a focused query.
  2. Use content for top hits to collect concrete steps.
  3. Produce an implementation plan with explicit file changes.
  4. Apply code changes in the current working repository after user confirmation.

Safety rules

  • Never print or log CORPUS_API_TOKEN.
  • Prefer read operations before write operations.
  • Before write operations (save-url, create-reminder), confirm user intent if the instruction is ambiguous.
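
The safety rules and the optional CORPUS_API_BASE_URL setting above can be enforced before scripts/corpus_api.py is ever invoked. The following pre-flight gate is an added example, not part of the skill or its script. Assumptions: the function names (check_base_url, gate, redact) and the host allowlist are hypothetical, and the gate asks for confirmation on every write, which is stricter than the rule above.

```python
from urllib.parse import urlsplit

# Command names come from the SKILL.md command list; the read/write split
# follows its safety rules (save-url and create-reminder are the writes).
READ_COMMANDS = {"profile", "list-content", "search", "content"}
WRITE_COMMANDS = {"save-url", "create-reminder"}
# Assumption: only the documented default host should ever receive the token.
ALLOWED_HOSTS = {"corpusai.app"}


def check_base_url(env):
    """Return the base URL the token would be sent to, or raise ValueError."""
    url = env.get("CORPUS_API_BASE_URL", "https://corpusai.app")
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("base URL must use https")
    # Reject userinfo so "https://corpusai.app@other.host/" cannot pass by eye.
    if parts.hostname not in ALLOWED_HOSTS or parts.username or parts.password:
        raise ValueError("base URL host is not on the allowlist")
    return url


def gate(argv, env, confirmed=False):
    """Decide whether a corpus_api.py invocation may run: 'allow' or 'confirm'."""
    if not env.get("CORPUS_API_TOKEN"):
        raise ValueError("CORPUS_API_TOKEN is not set")
    check_base_url(env)
    command = argv[0] if argv else ""
    if command in READ_COMMANDS:
        return "allow"
    if command in WRITE_COMMANDS:
        return "allow" if confirmed else "confirm"
    raise ValueError(f"unknown command: {command!r}")


def redact(text, env):
    """Mask the token before any script output is shown or logged."""
    token = env.get("CORPUS_API_TOKEN", "")
    return text.replace(token, "[REDACTED]") if token else text


if __name__ == "__main__":
    sample_env = {"CORPUS_API_TOKEN": "csk_constructed_example"}  # constructed value
    print(gate(["search", "--query", "tls"], sample_env))
    print(gate(["save-url", "--url", "https://example.com"], sample_env))
```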

Files

2 total