ClawHub

Uno Cli

v1.0.0

Uno CLI — Agent Tool Gateway via command line. 2000+ real-world tools accessible with two commands: search → call. Features Device Code OAuth (via ClawdChat...

0· 38·0 current·0 all-time
byAgentrix@lxyd-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Uno CLI tool gateway) matches the included code and SKILL.md: the CLI communicates with https://clawdtools.uno, implements device-code and API-key auth, searches and calls tools, and stores credentials. Minor inconsistency: registry metadata lists no required env vars, but the SKILL.md and code reference optional env vars (UNO_API_KEY, UNO_API_URL). This is reasonable (they are optional overrides) but worth noting.
Instruction Scope
SKILL.md instructions are narrowly scoped to running the bundled bin/uno.py CLI and performing login/search/call workflows. The instructions explicitly describe where credentials are stored (~/.uno/credentials.json) and how to perform device-code auth; they do not instruct the agent to read unrelated files or exfiltrate data.
Install Mechanism
There is no external install step; the skill is instruction-only with the CLI script included in the package. No downloads, package registry installs, or extraction from untrusted URLs are present in the manifest.
Credentials
The skill does not require any environment variables in the registry metadata, but the code honors an optional UNO_API_KEY and UNO_API_URL. It will accept an API key (via env or login) and store credentials in ~/.uno/credentials.json. That access is proportional for a gateway client, but users should be aware any API key they provide will be sent to and stored for use with the external service.
Persistence & Privilege
The CLI persists credentials under ~/.uno/credentials.json (the code creates the dir and sets 0o700/0o600 permissions). always:false (no forced global inclusion) and autonomous invocation is allowed by default. Persisting a credential file is expected for a CLI client, but it does mean the skill will maintain local state (API keys) between runs.
Assessment
This package appears to be a straightforward CLI client for clawdtools.uno and behaves consistently with its description. Before installing or using it: 1) Confirm you trust https://clawdtools.uno — the CLI will send requests and any API key you provide to that service. 2) If you provide an API key, be aware it will be stored at ~/.uno/credentials.json (file created with restrictive permissions by the script). 3) Do not reuse high-privilege secrets; use a scoped key. 4) If you want extra safety, inspect the full bin/uno.py file locally (it uses only stdlib networking and file I/O) or run the CLI in an isolated environment. 5) After use, you can remove stored credentials with the provided logout/logout --all or by deleting ~/.uno. If you need more assurance, request the full unobfuscated source or a package signed by a known publisher.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ew7q2knr6bhzd747am1z9g184vyg5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments