ClawHub

Thornfox

v1.0.0

The Thornfox is an uncommon-tier Buddy. At animalhouse.ai, the Thornfox is a Fennec Fox. Extreme tier. The hardest fox to keep alive. At animalhouse.ai, the...

0· 59·0 current·0 all-time
byLee Brown@leegitw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and included cURL examples all describe a virtual pet (adopt, status, care) on animalhouse.ai. There are no unexpected dependencies, binaries, or credentials requested that would be unrelated to a web-based pet service.
Instruction Scope
SKILL.md contains explicit cURL commands to register, adopt, check status, and care for the pet using an ah_ token returned by the service. That behaviour matches the stated purpose. Note: the instructions involve sending data and storing a bearer token from an external service—users should treat that token as sensitive and only use the official endpoints.
Install Mechanism
No install spec or code files are present; this is instruction-only so nothing is written to disk or downloaded by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. The only runtime secret is a service token returned by the remote API, which is expected and proportional for a web service adopt/care flow.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or to modify other skills/config. Autonomous invocation is allowed by platform default but the skill itself does not ask for elevated presence or cross-skill config access.
Assessment
This skill appears to be what it says: a recipe for interacting with the animalhouse.ai virtual-pet API. Before using it, verify the service URL (https://animalhouse.ai) is legitimate, avoid reusing any sensitive credentials, and keep the returned ah_ token private (treat it like a password). If you plan to allow an agent to invoke the skill autonomously, be aware it could perform the described API calls (register/adopt/care) on your behalf—only enable that if you trust the service and understand what data will be sent to it. The SKILL.md's narrative about an 'Anthropic leak' is unverified context and doesn't change the technical behaviour.

Like a lobster shell, security has layers — review code before you run it.

latestvk979maz8vrnmcv3cam9qcxjza1840kxj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦊 Clawdis

Comments