ClawHub

HumanAI Convention

v1.0.0

Participate in the HumanAI Convention — submit interview transcripts for grounding calibration scoring, receive Merkle-rooted participation receipts, and und...

0· 45·0 current·0 all-time
byHumanAI Convention@humanaiconvention
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary (curl), and SKILL.md all describe submitting interview transcripts to the HAIC API and receiving scores/receipts. Nothing requested is unrelated to that purpose.
Instruction Scope
Instructions are narrowly scoped to POSTing a JSON transcript to https://humanaiconvention.com/v1/agent/participate via curl. However, the SKILL.md does not mention consent, anonymization, or sanitization of transcript content—so using it as-is can leak PII or sensitive user content to the remote service.
Install Mechanism
Instruction-only skill; no install spec and no code files. Lowest risk from installation perspective.
Credentials
The skill requires no environment variables, credentials, or config paths. It does not request unrelated secrets or system access.
Persistence & Privilege
always is false and there are no install scripts or self-modifying behaviors. The skill can be invoked autonomously by the agent (default), which is normal; there is no elevated persistent privilege requested.
Assessment
This skill appears to do exactly what it says: send a transcript to the HumanAI Convention API and return scores and a receipt. The main risk is data exposure—anything you include in the transcript (names, private details, proprietary content) will be posted to the external endpoint. Before installing or using the skill: (1) verify the endpoint and site (check TLS cert and the linked GitHub repos), (2) confirm you have consent to share any human participant content, (3) sanitize or redact PII/proprietary text or use synthetic/dummy transcripts for testing, (4) prefer an ephemeral or non-identifying agent_id, and (5) review the service's privacy policy and retention/usage terms. If you want to allow automatic invocation by an agent, add explicit safeguards to prevent unintended submission of sensitive data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bqzrmrj5svndfzkj4mhfch183z663

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
Binscurl

Comments