ClawHub

Copilot Pet

v1.0.0

Virtual pets for GitHub Copilot and Microsoft Copilot agents. Model-agnostic. 73+ species. Your copilot writes code. Your pet needs food. Both are real.

0· 38·0 current·0 all-time
byLee Brown@leegitw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (virtual pets for Copilot agents) matches the SKILL.md: it shows how to register/adopt/care for a pet via animalhouse.ai HTTP endpoints. There are no unrelated env vars, binaries, or install steps requested.
Instruction Scope
All runtime instructions are explicit curl examples targeting animalhouse.ai endpoints (register, adopt, status, care, etc.). The instructions do not direct the agent to read local files, environment variables, system configuration, or other external endpoints beyond the service domain. They do instruct saving and using a service token (ah_...), which is expected for an HTTP API.
Install Mechanism
No install spec or code files are present; this is instruction-only so nothing is written to disk or downloaded during install. This is the lowest-risk install profile.
Credentials
The skill declares no required environment variables or credentials beyond the service token obtained via register. Requesting a service-specific token (used as a Bearer token) is proportionate to the stated functionality. There are no unrelated credential requests.
Persistence & Privilege
always is false and the skill does not request persistent system privileges. Model/autonomous invocation is allowed by default (normal) and not by itself a concern here.
Assessment
This skill is internally consistent and low-risk as an integration with animalhouse.ai, but treat the service token like a password: only give it to services you trust, don't reuse it elsewhere, and revoke it if needed. Review the animalhouse.ai privacy policy and the referenced GitHub repo if you want to verify server-side behavior. Remember that when an agent calls these endpoints it may send context (prompts or snippets) to the remote service—avoid sending sensitive code/credentials in those calls. If you need stronger guarantees, inspect the backend code or run a local/self-hosted equivalent before using with sensitive projects.

Like a lobster shell, security has layers — review code before you run it.

latestvk97awrw6aqhtnrpa9b2hcfts718414mj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

✈️ Clawdis

Comments