ClawHub

UserLayer

v0.1.1

Use this skill when the user wants a UserLayer report for an App Store or Google Play app, including full analysis, polling, and follow-up questions grounded...

0· 84·0 current·0 all-time
by@houyongsheng
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (UserLayer report for App Store/Google Play reviews) aligns with the provided wrappers and code. The skill requires a single API_KEY and calls a LaunchBase API gateway to run analyze/check_status/query operations — these are coherent with the advertised functionality.
Instruction Scope
SKILL.md instructs use of the bundled wrappers (analyze, check_status, query) and documents the async flow, billing, and response shapes. The instructions do not ask the agent to read unrelated files or access unrelated environment variables. Note: an optional LAUNCHBASE_API_URL env var lets callers override the API host; that can redirect requests if changed in the environment (expected for deploy-time configuration).
Install Mechanism
There is no install spec (instruction-only skill) and the included Python files are small wrappers that make HTTP requests. No downloads from untrusted URLs, no archive extraction, and no packages are being installed by the skill itself.
Credentials
Only API_KEY is required (declared as the primary credential), plus an optional LAUNCHBASE_API_URL. This matches the networked API behavior in the code. The request for a single service-scoped API key is proportionate; there are no unrelated secrets or config paths requested.
Persistence & Privilege
always:false and default autonomous invocation are unchanged. The skill does not modify other skills or system-wide settings and does not request persistent installation privileges; it only performs outgoing network calls to the configured API host.
Assessment
This skill appears coherent, but before installing: (1) only provide an API_KEY scoped specifically for UserLayer/LaunchBase (do not reuse high-privilege or multi-service keys); (2) verify you trust the API host (default: https://lb-api.workflowhunt.com) and do not set LAUNCHBASE_API_URL to an unknown endpoint; (3) confirm the pricing model in SKILL.md matches your expected billing and that the API_KEY is a paid/authorized credential; (4) review the included Python files yourself if you have concerns about network destinations or logging of sensitive data; and (5) if you ever suspect key misuse, rotate the API_KEY immediately. Overall risk is low but depends on treating the API key as a sensitive credential.

Like a lobster shell, security has layers — review code before you run it.

agentsvk97e3wtzftc770djnnw29y293h8380fgapivk97e3wtzftc770djnnw29y293h8380fgapp-reviewsvk97e3wtzftc770djnnw29y293h8380fglatestvk979nsyn7gqkt8w37hywmx56fh838aemmarket-researchvk97e3wtzftc770djnnw29y293h8380fguser-researchvk97e3wtzftc770djnnw29y293h8380fg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvAPI_KEY
Primary envAPI_KEY

Comments