ClawHub

Mirrory - MVP

v1.0.0

Token generation and validation service for WordPress proxy and desktop application session management.

0· 68·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description claim a token generation/validation API for WordPress proxies and desktop apps; the SKILL.md and openapi.json provide matching endpoints (/generate-token, /validate-token, /health) and expected request fields (wp_user_id, proxy_secret, token, machine_id). Nothing requested by the skill (no env vars, no installs) is disproportionate to that purpose.
Instruction Scope
SKILL.md only documents API usage, parameters, responses, pricing, and example requests. It does not instruct the agent to read local files, environment secrets, or unrelated system state, nor does it direct data to unexpected endpoints beyond the documented external API URLs. The proxy_secret is passed as a request field (expected for this API) rather than being requested as an agent-level credential.
Install Mechanism
There is no install spec and no code files to write to disk (instruction-only). This minimizes install-time risk; nothing is downloaded or installed by the skill itself.
Credentials
The skill declares no required environment variables or credentials, which is appropriate. The API protocol uses a proxy_secret supplied in requests (an API-level secret) — that is reasonable for this purpose, but users should ensure such secrets are handled securely when integrating (not stored in plain agent prompts or logs).
Persistence & Privilege
always is false and there is no requested persistent presence or modifications to agent/system configuration. The skill can be invoked by the model (normal), but it does not request elevated privileges or autonomous persistence beyond standard invocation.
Assessment
This skill is an API spec (no code) and appears coherent with its described function. Before installing or using it: 1) Verify the provider and endpoints (toolweb.in links) and confirm you trust the service owner because no homepage/source code is included. 2) Ensure any proxy_secret or tokens are transmitted only to the documented HTTPS endpoints and are stored/rotated securely by your integration (avoid embedding secrets in agent prompts or logs). 3) Review pricing and rate limits for your expected volume. 4) If you allow the agent to call this skill autonomously, apply usage limits or monitoring so token creation/validation cannot be abused. 5) Consider testing in a staging environment before production use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fk4vgp6zamwqz9xgg4wsyyh84apgg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments