ClawHub

OpenAlexandria

v0.2.0

Query and submit artifacts to the OpenAlexandria federated knowledge protocol (reference node by default).

0· 987·0 current·0 all-time
by@havneco
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included Python CLI and SKILL.md. Only runtime requirement is python3 and optional environment vars (OPENALEXANDRIA_BASE_URL, OPENALEXANDRIA_API_KEY) which are appropriate for querying and submitting to a remote node.
Instruction Scope
SKILL.md and the CLI limit actions to HTTP GET/POST calls to the declared base URL and reading a JSON bundle from a specified file or stdin for submissions. The instructions do not read other system files or unrelated env vars. Note: submissions transmit whatever JSON you provide to the remote node — do not submit secrets or sensitive data.
Install Mechanism
No install spec; the skill is instruction-only with a small included Python script. There are no downloads, package installs, or archive extraction steps in the manifest.
Credentials
No required credentials are declared. The optional OPENALEXANDRIA_API_KEY (for submit/whoami) and OPENALEXANDRIA_BASE_URL (to override the node) are proportional and expected for this functionality.
Persistence & Privilege
always:false (normal) and the skill does not modify other skills or system config. However, because the agent may invoke the skill autonomously and the skill can submit user-provided bundles to an external node, consider limiting autonomous use or restricting the API key's scope to prevent accidental or unwanted data submission.
Assessment
This skill appears to implement exactly what it advertises. Before installing: (1) verify you trust the default node URL or set OPENALEXANDRIA_BASE_URL to a node you control; (2) never submit sensitive data — submissions send whatever JSON you provide to a remote server; (3) store your OPENALEXANDRIA_API_KEY securely and avoid exposing it to agents you don't fully trust; (4) consider disabling autonomous invocation for agents that have access to this skill if you want to prevent automated submissions; and (5) note that the source/homepage is unknown — if you need stronger assurance, inspect the included Python file locally or ask the publisher for provenance.

Like a lobster shell, security has layers — review code before you run it.

latestvk9766s9s9abdhxrww166pfgwtd80xnjj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📚 Clawdis

Comments