ClawHub

simpleerp

v1.0.1

Provides procedures for calling the SimpleERP HTTP API. Runtime: shell with curl/curl.exe or PowerShell (Invoke-WebRequest/Invoke-RestMethod). Credentials: s...

1· 53·0 current·0 all-time
by@icystssi-lang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the contents: SKILL.md provides curl/PowerShell examples and workflows for the API and explicitly documents use of an x-api-key; there are no unrelated environment variables, binaries, or install actions requested.
Instruction Scope
The runtime instructions tell the agent to run curl/PowerShell commands automatically (including admin and create/rotate API-key endpoints when requested). The skill also allows optional inspection of a local simpleerp-api workspace if already present (workspace-root relative paths). This is reasonable for debugging but means the agent may read project files if the repo exists in the workspace.
Install Mechanism
No install spec or code files — the skill is instruction-only, so nothing is downloaded or written to disk by an installer.
Credentials
No required environment variables; the only optional credential reference is SIMPLEERP_API_KEY (used as the x-api-key) which is appropriate and documented. The skill does not request unrelated secrets or multiple external credentials.
Persistence & Privilege
always:false (no forced inclusion). disable-model-invocation is false (normal autonomous invocation). The skill does not request system-wide configuration changes or persistent elevated privileges.
Assessment
This skill appears to do what it says: run HTTP calls against SimpleERP using curl/PowerShell. Before using it, consider: 1) the agent will execute curl/Invoke-WebRequest commands automatically once you provide or the environment supplies an API key — if you want to review actions first, do not provide a production admin key. 2) Admin routes (create/rotate API keys, debug endpoints) are available via the API—only give a key with the minimal permissions needed. 3) If you have the simpleerp-api repo checked out in the workspace, the agent may read specific project files when asked to inspect filters/code; avoid installing the skill in sensitive workspaces if you don't want that. 4) Prefer using a staging instance or scoped API key rather than a production admin key. Overall the skill is coherent and low-risk given these precautions.

Like a lobster shell, security has layers — review code before you run it.

latestvk979gz0q4qtf4shtsskefm0yxn84cjmy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments