ClawHub

Lemonade Server Manager

v1.0.7

Manage Lemonade Servers natively. Use when checking system info, health status, listing available models, pulling or loading new models, completing LLM chats...

0· 128·0 current·0 all-time
byJames Martinez@james-martinez
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the declared operations (system info, health, list/pull/load/unload models, chat, image generation). The only runtime requirement (curl) and the optional LEMONADE_API_KEY are appropriate for an HTTP-based server-management skill.
Instruction Scope
SKILL.md confines behavior to making HTTP requests to a base server_url (default http://localhost:8000) and explicitly warns prompts/model requests will be transmitted to that URL. It does not instruct reading arbitrary host files or other env vars. Note: if a remote server_url is supplied, user prompts and model payloads will be sent to that remote endpoint — expected for this skill but important for user privacy.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest install risk. README suggests manual clone or ClawHub install, but nothing is automatically downloaded by the skill itself.
Credentials
Only an optional LEMONADE_API_KEY is declared and used by the documented curl examples. No unrelated credentials, config paths, or high-privilege env vars are requested.
Persistence & Privilege
always:false and user-invocable:true (defaults). The skill can be invoked autonomously by the agent (platform default). Combined with the ability to send user prompts to arbitrary server_url values, this is a privacy consideration but not an incoherence or disproportionate privilege in itself.
Assessment
This skill appears coherent for managing Lemonade servers. Before installing: (1) Be aware that any content you send through the skill will be forwarded to whatever server_url you (or the agent) supplies — avoid sending sensitive data to untrusted remote endpoints. (2) Prefer using local servers (http://localhost:8000) or HTTPS endpoints you control; verify TLS and host identity for remote servers. (3) The API key is optional — only set LEMONADE_API_KEY if you trust the target server. (4) The registry metadata has no homepage while SKILL.md lists a GitHub repo; if provenance matters, manually inspect the repository/owner to confirm trustworthiness before installing or exporting credentials. (5) Because the skill can be invoked by the agent autonomously (platform default), review agent autonomy settings if you want to restrict automatic calls to remote servers.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ejk6p4tffb48k95y0z6k17183dqfp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🍋 Clawdis
OSLinux · macOS · Windows
Any bincurl

Comments