ClawHub

gettangemperors

v1.0.1

Query local backend API for Tang Dynasty emperor information. Use when user asks about Tang emperors, needs to fetch emperor data from local API, or referenc...

1· 209·0 current·0 all-time
byhzll@hzlpypy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the code and instructions: both point to GET http://127.0.0.1:8080/api/v1/test and the included Python script implements that call. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md and the script only instruct the agent to call a single local endpoint and format the returned JSON. The instructions do not read files, environment variables, or transmit data to external endpoints beyond the specified localhost API. The only minor scope note: contacting localhost can in general reveal internal data if the local service serves sensitive information, but this skill targets a single fixed endpoint returning emperor data.
Install Mechanism
This is an instruction-only skill (no install spec). The script depends on Python and the 'requests' library, but the skill metadata does not declare required binaries or an install step for dependencies — an operational mismatch rather than a security mismatch. No remote downloads or extract operations are present.
Credentials
No environment variables, credentials, or config paths are requested. The script uses a hard-coded localhost URL and does not attempt to access secrets or external services.
Persistence & Privilege
Skill is not always-enabled and does not request elevated or persistent privileges. It does not modify other skills or system configuration.
Assessment
This skill appears coherent and low-risk: it only queries a hard-coded local API and formats results. Before installing, verify that the local service at http://127.0.0.1:8080/api/v1/test is trusted and returns the expected (non-sensitive) data. Note the script requires Python and the 'requests' package even though the metadata lists no required binaries—ensure your environment has those. If you run untrusted agents, be aware that allowing autonomous invocation lets the agent call localhost endpoints; if that is a concern, restrict or review the skill before enabling automatic use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cjh422bdv5pqf18a4mkaq7x82n935

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments