ClawHub

The skill for chess player

v1.0.0

Affiche les stats Chess.com d'un joueur (rapid/blitz/bullet + puzzles) via l'API publique.

0· 382·0 current·0 all-time
byHugo Ramon Portugal@hugoramon
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description state: fetch Chess.com stats via public API. The included Python script and SKILL.md both only perform a GET to api.chess.com for a validated username and format the response. No unrelated capabilities or credentials are requested.
Instruction Scope
SKILL.md restricts behavior to validating a username and running the local script. The script only reads command-line input, performs an HTTP GET to the Chess.com API, and prints results. It does not read arbitrary files, environment variables, or send data to endpoints other than api.chess.com.
Install Mechanism
No install spec is provided (instruction-only with a small local Python script). Nothing is downloaded or extracted during install, and no external packages are pulled at runtime beyond the standard Python library used in the script.
Credentials
The skill declares no required environment variables or credentials and the code does not access secrets or config. It only issues unauthenticated requests to the Chess.com public API, which is appropriate for the stated purpose.
Persistence & Privilege
The skill does not request persistent/always-installed presence, does not modify other skills or system-wide settings, and does not store credentials. Autonomous invocation is allowed by platform default but is not coupled with elevated privileges here.
Assessment
This skill appears coherent and low-risk: it validates the username and only queries the public Chess.com API. Before installing, confirm you trust the skill source (the repository/homepage is unknown). If you will run untrusted code, consider executing it in a limited environment (container or sandbox). Note: the script's User-Agent contains a placeholder contact (you@example.com) — harmless but you may prefer to update it if you publish or reuse the script. Overall, no secrets or unrelated system access are requested.

Like a lobster shell, security has layers — review code before you run it.

latestvk976nnmaajke1tvmva4wrvwgj981r5yt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments