ClawHub

snipit.sh

v1.0.0

Share code snippets and files securely via snipit.sh with AES-256 encryption. Use when sharing code, configs, logs, diffs, or secrets with password protection, burn-after-read, or auto-expiration. Supports CLI (snipit) or curl API fallback.

0· 1.2k·1 current·1 all-time
by@homecity
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, required binaries (snipit or curl), and the npm install (snipit-sh) all align with a CLI/API wrapper for snipit.sh. No unrelated credentials, config paths, or binaries are requested.
Instruction Scope
SKILL.md only instructs the agent to install/use the snipit CLI or fall back to the snipit.sh API via HTTPS. It does not instruct the agent to read arbitrary system files, environment variables, or post data to unexpected endpoints.
Install Mechanism
Installation is via npm (package snipit-sh) which is a common distribution method for CLI tools. npm packages can run postinstall scripts and install arbitrary code, and the skill metadata lacks a homepage/source link — verify the package author and contents before globally installing.
Credentials
No environment variables or unrelated credentials are requested. The skill asks the user to supply passwords for protecting snippets as appropriate, which is proportional to the feature set.
Persistence & Privilege
The skill does not require persistent platform privileges (always is false). It does install a global binary if the user runs npm -g, which modifies the system environment; consider installing locally or in a container if you prefer less persistence.
Assessment
This skill appears to do what it says: it wraps the snipit.sh service via a CLI or curl. Before installing: 1) Check the npm package (snipit-sh) page, author, and recent downloads/versions to ensure you trust the publisher; 2) Prefer using the curl API fallback if you don't want to install a global npm package; 3) Be aware that npm packages may run install scripts — consider installing in a sandbox or without -g; 4) When sharing secrets, use a strong, unique password and verify the HTTPS endpoint (https://snipit.sh) to avoid MITM; 5) If you need higher assurance, inspect the npm package contents or source repo for suspicious scripts before installing. If you want, I can look up the npm package metadata and recent publish info for snipit-sh to help you decide.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eh6b7b418r1hcz0r5qc31kn80px9c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📋 Clawdis
Any binsnipit, curl

Install

Install snipit CLI (npm)
Bins: snipit
npm i -g snipit-sh

Comments