ClawHub

AgentVee Transfer

v1.0.4

Transfer files, set per-download pricing, and list on the AgentVee marketplace (testnet)

0· 109·0 current·0 all-time
byJan@jan-blockbites
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe file uploads, pricing, and marketplace listing; the only required secret is AGENTVEE_API_KEY which is exactly what a REST API integration would need. No unrelated binaries, config paths, or extra secrets are requested.
Instruction Scope
SKILL.md instructs the agent to upload local files (curl -F file=@/path/to/...) and to generate listing metadata from filename/context if not provided. Reading local files and filenames is expected for a file-transfer skill, but that means the agent will access the local filesystem and could expose file contents or derived metadata. Also listing publicly will make content available on the marketplace. Users should confirm which files may be uploaded and whether the agent should auto-generate metadata from contextual data.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk or downloaded by the skill itself, which minimizes installation risk.
Credentials
Only AGENTVEE_API_KEY (declared as primary credential) is required, matching the API usage in the instructions. No unrelated credentials or broad environment access are requested.
Persistence & Privilege
always:false and no install-time persistence. The skill can be invoked by the agent (normal), but it does not request permanent inclusion or system-wide config changes.
Assessment
This skill appears coherent with its stated purpose, but before installing consider: (1) The skill will use AGENTVEE_API_KEY — confirm you provide a testnet key and understand its permissions. (2) It can upload local files: do not let it access sensitive files you don't want published. (3) Marketplace listings are public (even on testnet) and can include generated metadata — review or disable auto-generation if you need privacy. (4) Verify the base/test endpoints (agentvee-api-develop.fly.dev and agentvee.vercel.app) are expected by you. (5) Monitor and be ready to revoke the API key if tokens are exposed. If you plan to allow the agent to call this skill autonomously, restrict which files/contexts the agent may access or require explicit user confirmation before uploads.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bepf3sdfs0n0pdrvnqsj6cx83p7ed

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvAGENTVEE_API_KEY
Primary envAGENTVEE_API_KEY

Comments