ClawHub

Supernal Interface

v1.0.13

Universal AI Interface framework for making applications AI-controllable. Use when adding AI tool decorators, setting up chat adapters, creating AI-callable functions, or integrating CopilotKit.

0· 732·2 current·2 all-time
by@ianderrington
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name, description, and instructions consistently describe an AI-controllability TypeScript/React framework and show example usage of @supernal/interface decorators, adapters, hooks, and storage. However, the registry metadata lists 'Source: unknown' and there is no homepage; that makes it impossible to verify the package origin or maintainers even though the SKILL.md instructs installing @supernal/interface from npm.
Instruction Scope
SKILL.md contains usage examples, API surface, and an example 'npm install' line. It does not instruct the agent to read unrelated files, access secrets, or transmit data to unexpected endpoints. The only external reference is an enterprise features URL (supernal.ai/enterprise).
Install Mechanism
This is an instruction-only skill with no install spec provided to the platform. The doc recommends running 'npm install @supernal/interface' — a normal developer step — but because the package source/homepage is not provided in the registry metadata, you should verify the package on npm/GitHub before installing (typo-squatting or untrusted packages are the main risk).
Credentials
No environment variables, credentials, or config paths are requested. The examples do show auto-registering tools in an adapter, which is application behavior, but the skill does not request any secrets or unrelated credentials.
Persistence & Privilege
The skill does not use always: true and is user-invocable with normal autonomous invocation allowed. There is no instruction to modify other skills or system-wide agent settings.
Scan Findings in Context
[no_findings] expected: The regex-based scanner had nothing to analyze because this is an instruction-only skill with no code files. That is expected, but it reduces static visibility into runtime behavior of the npm package the docs reference.
Assessment
This skill's documentation and examples are coherent with its stated purpose, but the registry lists no source or homepage. Before installing or using @supernal/interface in a project: 1) verify the npm package and its repository (author, download counts, recent commits, license) to avoid typo-squatting or untrusted packages; 2) review the package source code (or a trustworthy audit) since the SKILL.md only shows examples; 3) be cautious about enabling autoRegisterTools/autoRegisterReadables — avoid auto-exposing admin or sensitive functions to AI tooling; and 4) for production use, enforce input validation, least-privilege access to storage/backends, and audit logging. If you need higher assurance, ask the publisher for a homepage/repository or prefer a well-known, audited alternative.

Like a lobster shell, security has layers — review code before you run it.

latestvk97736r8s6e2722sz34dwt29sx811ry3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments