ClawHub

EpidBot

v1.1.1

Interact with EpidBot - AI-powered assistant for Brazilian public health data (DATASUS/SINAN)

0· 51·0 current·0 all-time
byFlávio Codeço Coelho@fccoelho
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to call an EpidBot REST API for DATASUS/SINAN and related datasets and only requests EPIDBOT_API_KEY and EPIDBOT_BASE_URL, which are appropriate for that purpose. The homepage points to a related GitHub repository, matching the described service.
Instruction Scope
SKILL.md contains concrete curl examples (async submit + poll, health check, listing tools, WebSocket streaming) and only references the declared environment vars. It does not instruct reading unrelated local files. Notes: WebSocket examples pass the API key in the query string (wss://.../?api_key=<key>) which can leak keys via logs or referer headers; the examples use jq for JSON parsing in shell snippets but jq is not declared in the skill metadata; polling loops may repeatedly hit the remote API (be aware of rate limits).
Install Mechanism
No install spec and no code files — the skill is instruction-only, so nothing is written to disk or downloaded. This is the lowest-risk install model.
Credentials
Only two environment variables are required: EPIDBOT_API_KEY (primary) and EPIDBOT_BASE_URL — both are proportional to an HTTP API integration. Caution: API key will be sent to the remote EpidBot service for every request; the WebSocket example embeds the key in the URL (visibility risk).
Persistence & Privilege
The skill is not always-enabled and does not request any system-wide persistence or elevated privileges. It does not modify other skills or agent-wide settings.
Assessment
This skill is internally coherent for calling an external EpidBot API, but review these points before installing: 1) The skill will send your EPIDBOT_API_KEY to the configured base URL — only use a key you trust the EpidBot service with. 2) The WebSocket example places the API key in the URL query string, which can be exposed in logs; prefer header-based auth when possible. 3) Example commands use curl and jq; ensure the agent environment provides those tools or the examples may fail. 4) The SKILL.md uses polling loops — be mindful of rate limits and potential repeated requests. 5) There is a small metadata inconsistency: registry metadata listed no required binaries, but SKILL.md's metadata lists curl as a bin; confirm the runtime will have the necessary CLI tools. If you need stronger guarantees, verify the EpidBot service (https://api.epidbot.kwar-ai.com.br or your configured EPIDBOT_BASE_URL) and the GitHub repo prior to granting the API key.

Like a lobster shell, security has layers — review code before you run it.

latestvk973n3ydwepbdrh87kc5qmdeax83z8bs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🏥 Clawdis
EnvEPIDBOT_API_KEY, EPIDBOT_BASE_URL
Primary envEPIDBOT_API_KEY

Comments