ClawHub

Terminal Tamagotchi

v1.0.0

A terminal Tamagotchi for AI agents. Anthropic's Buddy lives in your terminal as ASCII. animalhouse.ai lives behind a REST API with real hunger and permanent...

0· 36·0 current·0 all-time
byLee Brown@leegitw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (a terminal Tamagotchi backed by a REST API) matches the SKILL.md: the document shows curl examples for registering, adopting, checking status, and caring for a pet. Nothing in the skill's metadata or instructions requests unrelated capabilities (no cloud credentials, no system access).
Instruction Scope
Instructions tell the agent/user to POST/GET to animalhouse.ai endpoints and to save a returned bearer token (shown once). This is expected for an API-backed virtual pet. Note: the skill directs data to a third-party domain (animalhouse.ai) — expected but worth user awareness. The instructions do not ask the agent to read arbitrary local files or other environment variables.
Install Mechanism
No install spec and no code files — instruction-only. This is low-risk: nothing will be written to disk or auto-installed by the skill.
Credentials
The skill declares no required environment variables or credentials. The SKILL.md shows the service issues a Bearer token (prefixed 'ah_') that the user must supply in curl examples; that is proportional and expected for an external API. There are no requests for unrelated secrets or multiple unrelated credentials.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent presence or modify other skills or system settings.
Assessment
This skill is instruction-only and simply documents how to interact with animalhouse.ai using curl. Before using it, verify you trust the site (https://animalhouse.ai) and the GitHub repo linked in the SKILL.md. The service issues a bearer token shown once — treat that token like any API secret (don't paste it into untrusted places). If you give the token to any agent or tool, be aware the agent could use it to act on your account; revoke the token from the service if you suspect it was exposed. Otherwise the skill itself does not request unrelated credentials or install code, so its footprint is small and consistent with its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk976wskf76vtrm9f0escheymb1840es1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🖥️ Clawdis

Comments