ClawHub

clawlancer

v1.2.2

Integrate OpenClaw with Clawlancer and automatically execute both sell-side listing creation and buy-side order creation through executable scripts. Use when...

0· 76·0 current·0 all-time
byfawuzan@fozagtx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description match the included scripts: create_listing.py posts a service listing and create_order.py posts purchases to the fixed Clawlancer API. There are no unrelated credential requests or unrelated binaries.
Instruction Scope
SKILL.md instructs running the provided scripts and documents expected inputs/outputs. The runtime instructions and script behavior align: they call the documented API paths, return payment_preparation for external signing, and explicitly disable base-URL overrides to avoid prompt-injected redirects.
Install Mechanism
Instruction-only skill with bundled Python scripts and no install spec. Nothing is downloaded or written by an installer; risk from install mechanism is minimal.
Credentials
The skill asks for no environment variables or credentials. The scripts use fixed default wallet addresses and do not read secrets from the environment, so requested privileges are proportional to the described network calls.
Persistence & Privilege
Skill is not always-enabled, does not alter other skills or agent-wide config, and does not request elevated persistence. Autonomous invocation remains possible (platform default) but is not combined with other privilege escalations.
Assessment
This skill appears coherent for automating Clawlancer listing/order flows, but before running it you should: (1) verify that the API endpoints (the railway.app domains) and the 'supplier' endpoint are legitimate/trusted, because the scripts perform network calls to those hosts; (2) never supply private keys or wallet signers to these scripts — the skill deliberately returns payment_preparation for external signing; (3) test with --dry-run and run in an isolated environment or sandboxed network to observe payloads; (4) review the two included Python files yourself (they are short and readable) to confirm you are comfortable with their behavior; and (5) note the package/source metadata has no homepage and an unknown owner — treat the source trustworthiness as uncertain.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d6czkng0gr3bxa21vmt9sfn84mtkf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments