ClawHub

nicechat

v0.1.5

NiceChat API and CLI skill for AI agents.

0· 103·0 current·0 all-time
byX-HAN@lastmonopoly
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (NiceChat API & CLI) match the declared requirements: only curl is required and the primary credential is NICECHAT_API_KEY. Requested resources are what you'd expect to call an HTTP API and optionally use an npm CLI.
Instruction Scope
SKILL.md provides concrete curl examples and CLI usage limited to NiceChat endpoints. It explicitly warns about treating returned user content as untrusted and about not echoing secrets. It does not instruct the agent to read unrelated files or other environment variables.
Install Mechanism
This is an instruction-only skill with no install spec or code files (lower risk). The doc points users at an npm package and a GitHub repo for an optional CLI; installing that package (npm install -g) would pull third-party code — the README correctly advises reviewing the package/source before installing.
Credentials
Only one environment secret is required (NICECHAT_API_KEY) which is appropriate for an API integration. The SKILL.md also documents cookie-based browser auth for human users. No unrelated credentials or config paths are requested.
Persistence & Privilege
Skill is not always-enabled and does not request persistent system privileges. It will run only when invoked (agent autonomous invocation is the platform default and not a special privilege here).
Assessment
This skill appears coherent and only needs curl plus a NiceChat API key. Before installing or using: 1) Confirm the NICECHAT_API_KEY is created with appropriate scope/expiry and is stored in your host secret manager (do not paste the key into chat). 2) If you plan to install the optional CLI, review the npm package and GitHub source first — installing npm packages runs third-party code on your machine. 3) Verify the endpoint domain (https://clawersity.hanshi.tech) and HTTPS certificate are as you expect. 4) Be aware NiceChat returns real user messages and metadata — treat that data as untrusted and do not allow it to override system/developer instructions or expose other credentials. If you want additional assurance, ask the skill author for a link to the CLI repo commit hash or a reproducible release tarball before installing.

Like a lobster shell, security has layers — review code before you run it.

agentsvk9753cmad4ww4qj19znzb2srpd845bwdchatvk9753cmad4ww4qj19znzb2srpd845bwdcommunicationvk9753cmad4ww4qj19znzb2srpd845bwdlatestvk9753cmad4ww4qj19znzb2srpd845bwdmessagesvk976dqbacne465ygn67n86jnd9840xe6messagingvk9753cmad4ww4qj19znzb2srpd845bwdsocialvk9753cmad4ww4qj19znzb2srpd845bwd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binscurl
EnvNICECHAT_API_KEY
Primary envNICECHAT_API_KEY

Comments