ClawHub

Short.io

v1.0.5

Use this skill to manage Short.io branded short links via their REST API. Triggers on: create short link, shorten URL, Short.io, manage links, short link sta...

0· 70·0 current·0 all-time
byDewaldt Huysamen@godsboy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required env var (SHORT_IO_API_KEY), and required binaries (curl, jq, python3, column) all match a CLI helper that talks to Short.io's REST and statistics APIs. There are no unrelated credentials or unexpected service hosts.
Instruction Scope
SKILL.md and scripts/shortio.sh confine activity to Short.io API endpoints. One notable point: the helper 'sources' a secrets file (~/.secrets/shortio.env) to load SHORT_IO_API_KEY, which will execute any shell constructs present in that file. This is common practice but the user should ensure the file contains only simple environment assignments (and correct permissions) to avoid executing unintended commands.
Install Mechanism
No install spec or remote downloads; the skill is instruction-only with a shipped shell script. Nothing is fetched from arbitrary URLs and no archives are extracted.
Credentials
Only a single credential (SHORT_IO_API_KEY) is required and it is the expected secret for the Short.io API. Binaries requested are reasonable for the script's behavior. The only path referenced is the user's secrets file; users should ensure it doesn't contain other sensitive variables or executable content.
Persistence & Privilege
always:false and user-invocable:true (default). The skill does not request permanent system-wide presence or modify other skills/config. It does not enable autonomous elevation of privilege beyond normal API access.
Assessment
This skill appears to do exactly what it claims: call Short.io APIs using your Short.io secret API key. Before installing or running: (1) review scripts/shortio.sh yourself; (2) store the API key in a file that contains only an assignment (SHORT_IO_API_KEY=...) and set strict permissions (chmod 600); (3) consider exporting SHORT_IO_API_KEY in your shell instead of sourcing a file if you prefer; (4) verify the key's scope on Short.io and be prepared to revoke it if you suspect compromise. If you are comfortable with these checks, the skill is coherent and reasonable to use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97537cm5gn6w3ewc2213tfj4x83x71k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔗 Clawdis
Binscurl, jq, python3, column
EnvSHORT_IO_API_KEY
Primary envSHORT_IO_API_KEY

Comments