ClawHub

Unformal API

v1.0.0

Create and manage conversational Pulses via the Unformal API. Send someone a link, an AI agent has the conversation, you get structured insights back.

0· 80·0 current·0 all-time
byJonas Boury@jonasboury
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe creating and managing Pulses via an API; the SKILL.md contains only REST endpoint docs and example curl calls against https://unformal.ai — nothing requests unrelated access (no cloud creds, no system binaries).
Instruction Scope
Runtime instructions are limited to making HTTP calls to the Unformal API, creating pulses, listing conversations, and handling webhooks. The doc does not tell the agent to read local files, other environment variables, or system state outside the API workflow.
Install Mechanism
No install spec and no code files — instruction-only skill. This is the lowest-risk install pattern and aligns with the described functionality.
Credentials
The skill declares no required environment variables or credentials. The documentation explains the API key model (unf_...) and shows how to include it in Authorization headers, which is proportional to an API client skill.
Persistence & Privilege
No 'always: true' or other elevated persistence is requested. The skill does not ask to modify other skills or system-wide config.
Assessment
This skill is coherent with its stated purpose, but review these practical precautions before use: (1) The registry metadata shows no verified homepage or publisher — verify unformal.ai directly and read its privacy/terms before sending data. (2) API keys (unf_...) grant access to conversation data — store them securely and do not paste them into public chat. Prefer storing keys in a secure secret store rather than in free-text agent messages. (3) If you use webhookUrl, implement verification: validate the X-Unformal-Signature HMAC-SHA256 header and accept requests only from your expected source, over HTTPS. (4) Consider data sensitivity: Pulses capture transcripts and structured insights (may contain PII). Limit linkType (use single-response links) and webhook destinations for sensitive workflows. (5) Confirm billing/credits and whether 'allowResearch' or external-model options could cause extra cost or outbound requests. (6) If you plan to grant an automated agent access to your API key, scope that privilege carefully and monitor usage. If you want stronger assurance, ask the publisher for a homepage/privacy policy or a signed publisher identity before handing over keys.

Like a lobster shell, security has layers — review code before you run it.

agentsvk97ef0ygqd9yt21skfwhbqaeen83td2caivk97ef0ygqd9yt21skfwhbqaeen83td2capivk97ef0ygqd9yt21skfwhbqaeen83td2cconversationsvk97ef0ygqd9yt21skfwhbqaeen83td2cformsvk97ef0ygqd9yt21skfwhbqaeen83td2cintakevk97ef0ygqd9yt21skfwhbqaeen83td2clatestvk97ef0ygqd9yt21skfwhbqaeen83td2csurveysvk97ef0ygqd9yt21skfwhbqaeen83td2c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments