ClawHub

Hedy

v1.1.0

Access Hedy meeting data: sessions, transcripts, highlights, todos, topics, contexts, and webhooks via the Hedy REST API.

2· 147·0 current·0 all-time
byJulian Pscheid@julianpscheid
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the requested artifacts: the SKILL.md documents HTTP endpoints for sessions, transcripts, highlights, todos, topics, contexts, and webhooks. Required binaries (curl, jq) and a single HEDY_API_KEY credential are appropriate for an instruction-only REST-API integration.
Instruction Scope
Runtime instructions are limited to calling Hedy API endpoints and configuring ~/.openclaw/openclaw.json (and Docker sandbox env injection). The doc explicitly warns not to display the API key. No instructions ask the agent to read unrelated files, system secrets, or to transmit data to arbitrary endpoints outside the documented BASE_URLs.
Install Mechanism
No install spec or third-party downloads—this is instruction-only, so there is no code written to disk or remote artifacts fetched by the skill at install time (lowest install risk).
Credentials
Only a single API key (HEDY_API_KEY) is required and it's the expected credential for the documented API. No unrelated credentials, config paths, or broad host auth are requested.
Persistence & Privilege
always is false and the skill does not request permanent platform-wide privileges or to modify other skills' configurations. Its setup asks the user to add its key to the OpenClaw config, which is normal for enabling an integration.
Assessment
This skill appears internally consistent for talking to the Hedy REST API, but note the package/source is listed as unknown and there is no homepage—only install the skill if you trust its origin. Protect the HEDY_API_KEY (store in the platform secret store, not public logs), prefer a scoped/least-privilege API key if Hedy supports it, and rotate the key if you later suspect it's been exposed. If you want extra caution, enable and test the skill in a sandboxed agent environment first and verify API responses come from the documented base URLs (https://api.hedy.bot or https://eu-api.hedy.bot).

Like a lobster shell, security has layers — review code before you run it.

latestvk9758jtp35f1njwnbwa91avt1h8371bb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎙️ Clawdis
Binscurl, jq
EnvHEDY_API_KEY
Primary envHEDY_API_KEY

Comments