ClawHub

Manus Skill - Operate Manus through Openclaw

v1.0.2

Interact with the Manus AI agent platform via its REST API. Use this skill whenever the user mentions Manus, manus.ai, Manus API, Manus tasks, Manus projects...

0· 93·0 current·0 all-time
by@krishbhimani
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, API reference, and the included Python script all implement Manus API interactions (create/list/poll tasks, upload files, manage sessions). Requiring MANUS_API_KEY is proportional and expected for this purpose; no unrelated credentials or system-level access are requested.
Instruction Scope
Instructions and the script perform network calls only to the documented Manus endpoints and handle session tracking. They also instruct the agent to write a local registry file (.manus_sessions.json) that will contain prompts, task IDs, and URLs — this is within scope for session management but is sensitive data and the docs explicitly recommend adding it to .gitignore.
Install Mechanism
This is an instruction-only skill with no install spec. The only runtime dependency observed is the Python 'requests' library (the script exits if it's missing), but no install mechanism is provided; this is low-risk but the missing dependency declaration is a usability note rather than a security red flag.
Credentials
Only MANUS_API_KEY is required (declared as primary). That is proportionate to a REST-API integration. The script reads that env var and no other secrets or unexpected environment/config paths are referenced.
Persistence & Privilege
always:false (normal). The skill writes a local session registry (.manus_sessions.json) to the project root; this persistent file stores prompts and metadata which could be sensitive. The skill does not request elevation or modify other skills or global agent settings.
Assessment
This skill appears to do what it says (talk to Manus). Before installing or using it: 1) Treat .manus_sessions.json as sensitive — keep it out of source control (SKILL.md already suggests adding it to .gitignore) or change the session_file location to a secure path. 2) Provide a Manus API key with the minimum permissions possible and monitor its usage (every POST /v1/tasks can consume credits). 3) The Python script requires the 'requests' package but the skill bundle does not install dependencies automatically — ensure your environment provides it. 4) Review scripts/manus_session.py yourself (it's included) to confirm there is no behavior you find unacceptable (it appears straightforward and non-obfuscated). 5) If you use this in a shared repo or CI, consider isolating the session registry and rotating keys if leaked. If you want additional assurance, run the script in a sandboxed environment and inspect network traffic to confirm calls go only to api.manus.ai and legitimate S3 upload URLs.

Like a lobster shell, security has layers — review code before you run it.

latestvk974j17a5s807mmtbtb68gx60983npcr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvMANUS_API_KEY
Primary envMANUS_API_KEY

Comments