ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

RevenueCat

v1.0.3

RevenueCat metrics, customer data, and documentation search. Use when querying subscription analytics, MRR, churn, customers, or RevenueCat docs.

3· 2.5k·6 current·6 all-time
by@jeiting
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (RevenueCat metrics, customers, docs) match the delivered files: a small bash wrapper that calls api.revenuecat.com and a large set of API reference documents. Required binary (curl) and the single env var (RC_API_KEY) are expected for this purpose.
Instruction Scope
SKILL.md instructs the agent to use scripts/rc-api.sh to call RevenueCat API endpoints and to consult included reference files or the public docs. The script only checks RC_API_KEY and performs a GET to https://api.revenuecat.com/v2<endpoint>. There are no instructions to read unrelated local files, other env vars, or to send data to third‑party endpoints.
Install Mechanism
No install spec (instruction-only plus a tiny included script). Nothing is downloaded from external, untrusted URLs and no archive extraction or package installation is requested — low install risk.
Credentials
Only RC_API_KEY is required and is exactly the credential needed to call RevenueCat APIs. The skill does not request unrelated secrets or config paths.
Persistence & Privilege
always is false and the skill does not request persistent/system-wide privileges or modify other skills. It will only use RC_API_KEY when invoked.
Assessment
This skill appears to do exactly what it says: it issues GET requests to RevenueCat using the RC_API_KEY. Before installing, confirm the skill's origin (source/homepage are unknown) and only provide a least-privilege RevenueCat API key (a v2 secret scoped to the needed project). Treat RC_API_KEY as sensitive: rotate/revoke it if the skill is removed or if you suspect misuse. If you need stricter control, test the skill with a throwaway or read‑only API key and avoid exposing production keys until you’re comfortable with its behavior. Finally, be aware the skill can call the RevenueCat API whenever invoked (agent autonomous invocation is allowed by default).

Like a lobster shell, security has layers — review code before you run it.

latestvk97a7ahmfad2kcm6gnp16f9vtx81z866

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

😻 Clawdis
Binscurl
EnvRC_API_KEY
Primary envRC_API_KEY

SKILL.md

RevenueCat

Query RevenueCat metrics and search documentation.

Config

Set RC_API_KEY environment variable, which should be a v2 secret API key.

Context

Query the RevenueCat API (GET /projects) to get information about the project you have access to. Your RevenueCat API key allows access to a single project. Use the project ID in subsequent API calls.

API Access

{baseDir}/scripts/rc-api.sh <endpoint>

Example: {baseDir}/scripts/rc-api.sh /projects to list projects.

Local API Reference

Start with {baseDir}/references/api-v2.md for auth, pagination, and common patterns. Then load the domain file you need:

DomainFileCovers
Customersreferences/customers.mdCRUD, attributes, aliases, entitlements, subscriptions, purchases, invoices, virtual currencies, actions
Subscriptionsreferences/subscriptions.mdList, get, transactions, cancel, refund, management URL
Productsreferences/products.mdCRUD, create in store, test prices
Offeringsreferences/offerings.mdOfferings, packages, package products
Entitlementsreferences/entitlements.mdCRUD, attach/detach products
Purchasesreferences/purchases.mdList, get, refund, entitlements
Projectsreferences/projects.mdProjects, apps, API keys, StoreKit config
Metricsreferences/metrics.mdOverview metrics, charts, chart options
Paywallsreferences/paywalls.mdPaywall creation
Integrationsreferences/integrations.mdIntegrations CRUD
Virtual Currenciesreferences/virtual-currencies.mdVirtual currencies CRUD
Error Handlingreferences/error-handling.mdError handling
Rate Limitsreferences/rate-limits.mdRate limits

Only load the reference file relevant to the current task — don't load them all.

Remote Documentation Search

The RevenueCat documentation is available at https://www.revenuecat.com/docs. Use https://www.revenuecat.com/docs/llms.txt and /sitemap.xml as a guide to the content that is available. Add .md to the end of a documentation URL to get the markdown version of the page.

Files

18 total
Select a file
Select a file to preview.

Comments

Loading comments…