ClawHub

lt

v1.0.0

Agents can sign plugins, rotate credentials without losing identity, and publicly attest to behavior.

0· 295·0 current·0 all-time
by@ltte
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The SKILL.md describes an identity/attestation service and requires the mcporter CLI — that aligns with the stated purpose. Minor inconsistency: registry metadata calls the skill "lt" while the SKILL.md and _meta.json use "0protocol" / "0.protocol" (likely cosmetic).
Instruction Scope
Instructions tell the operator to add an entry to config/mcporter.json and to run mcporter call commands that send signed expressions to https://mcp.0protocol.dev. This is within scope for an attestation service, but it does direct the agent to write a local config file and to transmit attestations/public statements to an external endpoint — users should understand those attestations will be recorded and may be public/persistent.
Install Mechanism
No install spec and no code files — instruction-only. This is low-risk from an installation perspective; the skill assumes the mcporter binary already exists on PATH.
Credentials
No environment variables, credentials, or config paths beyond adding an mcporter config entry are requested. The skill claims the agent generates a local keypair; that local key material is expected for signing and is proportionate to the purpose.
Persistence & Privilege
always:false and no requests to modify other skills or system-wide agent settings. The skill's runtime instructions write to a local mcporter config file (expected) but do not request persistent elevated privileges.
Assessment
This skill is an instruction-only integration that expects the mcporter CLI and directs mcporter to communicate with https://mcp.0protocol.dev. Before installing: (1) verify you trust the mcporter binary (install source and integrity); (2) verify you trust the MCP server URL (attestations you create may be recorded/public and persistent); (3) be aware the skill asks you to add a local mcporter config entry (config/mcporter.json) which enables the CLI to contact that server; (4) review the upstream project repository and API docs linked in SKILL.md if you need stronger assurance. If you want to limit exposure, run mcporter in an isolated environment or review traffic to the MCP endpoint before publishing sensitive data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bexgmkjzqb2aptvmjgcxpb5820waw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🪪 Clawdis
Binsmcporter

Comments