RedTransporteAPI
v1.0.1CLI tool for managing local GTFS data, querying stops, routes, real-time predictions, and planning public transit trips in Chile's Red de Transporte system.
⭐ 0· 58·0 current·0 all-time
byiroaK@iiroak
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the instructions: the SKILL.md documents running the `red-transporte` CLI to manage GTFS, query stops, predictions, routes and run an HTTP server. The metadata also declares the CLI binary requirement (red-transporte), which is appropriate for this purpose.
Instruction Scope
Instructions are focused on invoking the CLI and updating local GTFS. They include guidance to run `pip install "[.all]"` and `red-transporte gtfs update` (which will download GTFS from DTPM). This is expected, but the pip command is ambiguous (it implies running inside the package repository) and the skill allows starting a local HTTP server (exposes a local port). No instructions request unrelated files, env vars, or credentials.
Install Mechanism
Instruction-only skill with no install spec and no downloads configured. This is the lowest-risk install model. The SKILL.md suggests installing dependencies with pip but does not automatically download or execute external code as part of a formal install step.
Credentials
The skill does not declare or require any environment variables, credentials, or config paths. The runtime instructions do not ask for unrelated secrets or tokens.
Persistence & Privilege
Skill does not request always: true and has default autonomy settings. It does allow running a local HTTP server via the CLI, which is consistent with the stated purpose but may expose a local port when invoked.
Assessment
This skill appears to be what it claims: a wrapper around a local `red-transporte` CLI. Before installing or allowing the agent to use it, verify where you will get the `red-transporte` package/binary from and inspect it if possible (the SKILL.md does not provide a trusted install URL). Be aware: 1) `red-transporte gtfs update` will download GTFS data from an external source (DTPM) — ensure you trust that source; 2) `pip install "[.all]"` is ambiguous and normally expects to be run in a project repository — don't run pip commands from unknown locations; 3) the `server` command will open a local HTTP API (default localhost:8000) — only run it if you understand the network exposure; 4) although the skill requests no credentials, always confirm the CLI binary you install is from a trusted release to avoid supply-chain risks. If you need greater assurance, ask the publisher for an official homepage or a link to the project's source or release artifacts before proceeding.Like a lobster shell, security has layers — review code before you run it.
latestvk977s20cpzy5re3b1cm1ma2rah84pskz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.