Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
tper-hellobus
v0.0.2
Get real-time and scheduled bus arrival times for TPER buses in Bologna and Ferrara, Italy. Use this skill whenever the user mentions TPER, bus stop codes (n...
byrolench@lore2601
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (TPER bus times for Bologna/Ferrara) match the runtime instructions which call the public Hellobus API. No unexplained credentials, binaries, or unrelated services are requested.
Instruction Scope
SKILL.md confines actions to parsing user input, converting times, and calling the documented API via curl, then formatting the response. It does not instruct reading local files, accessing unrelated environment variables, or sending data to endpoints other than the documented TPER API.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk or fetched during install. This is the lowest-risk model and is appropriate for the described functionality.
Credentials
No environment variables, credentials, or config paths are required. The documented need for network access to hellobuswsweb.tper.it is proportionate to the skill's purpose.
Persistence & Privilege
The skill is not force-installed (always: false) and does not ask to modify other skills or system settings. Autonomous invocation is allowed (platform default) and is reasonable for a query-style skill.
Assessment
This skill is coherent and only needs network access to the public TPER Hellobus API (hellobuswsweb.tper.it). Before enabling: ensure you are comfortable allowing outbound requests to that domain, add it to your agent's domain whitelist, and be aware queries (stop code, line, time) will be sent to the external API. No credentials are required. Consider rate limits or occasional API downtime; test with the provided sample stop/line values first. If you need stricter privacy controls, avoid enabling network access or confirm your environment's logging/policy for outbound requests.
