ClawHub

student-rooms

v1.1.0

Search, scan, and monitor student accommodation availability across Yugo and Aparto providers. Use when the user asks about student housing, room availabilit...

0· 396·0 current·0 all-time
byGonzalo López Gil@gonzalopezgil
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (search/monitor Yugo & Aparto) matches the CLI commands and features documented in SKILL.md (discover, scan, watch, probe-booking, notifications). The declared absence of required binaries/env vars is consistent with this being an instruction-only skill that expects an external student-rooms CLI to already exist.
Instruction Scope
SKILL.md tells the agent to run python -m student_rooms and to read/write a config.yaml in the tool's directory; it does not instruct reading unrelated system files or exfiltrating secrets. However it assumes a local codebase/virtualenv and persistent storage for seen-options; the skill does not supply or fetch that code, so the instructions will only work if the external CLI is present.
Install Mechanism
No install spec or downloads are present (instruction-only). This minimizes direct supply-chain risk from the skill package itself but places the burden on the user to obtain the student-rooms CLI from a trustworthy source.
Credentials
The skill declares no required environment variables. Notification backends (telegram webhook, openclaw) will require tokens/URLs if used — that is proportional to the notification feature and is documented in SKILL.md. No unrelated credentials or system paths are requested.
Persistence & Privilege
The skill is not forced-always and has no special persistence or system-wide configuration changes documented. It references local persistence for seen-options in the external CLI, which is expected for a watcher.
Assessment
This skill is an instruction-only guide for using a separate 'student-rooms' CLI; the skill package itself contains no code. Before using: 1) Verify and obtain the student-rooms CLI from a trusted source (GitHub/org/release) — do not run arbitrary Python modules you downloaded from unknown places. 2) If you enable notifications, only provide tokens (Telegram bot token, webhook URL, OpenClaw access) to the installed tool and store them securely. 3) Be aware the tool scrapes provider sites and may store local state (seen-options) — run it in an isolated environment (virtualenv/container) if you are concerned. 4) If you plan to use OpenClaw integration, confirm what the CLI will send to OpenClaw (message vs agent mode) to avoid leaking more context than intended.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cqqchma6j0ndfmgkd8vagzd82ggky

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments