otta-cli
v0.1.1
Use `otta-cli` to automate `otta.fi` workflows from the terminal. This tool is usually used for tracking working time, absences, and sick leaves: authenticate, i...
by Nikita R (@mekedron)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description and the SKILL.md consistently describe CLI-first automation for otta.fi time-tracking (list/add/update/delete worktimes, absences, calendar/holidays, auth). All environment variables and commands referenced are relevant to operating a CLI that talks to an Otta API.
Instruction Scope
Instructions are narrowly scoped to running the 'otta' binary, validating dates/times, refreshing cached metadata, and handling failures. They do not instruct reading unrelated host files or transmitting data to unexpected endpoints. They explicitly recommend JSON-format output and not printing raw credentials.
Install Mechanism
This is an instruction-only skill with no install spec and no bundled code, so it will not write or execute additional code on disk by itself. The SKILL.md points to the upstream GitHub repo but does not download or run code automatically.
Credentials
The SKILL.md documents a number of OTTA_CLI_* environment variables (username, password, tokens, API base URL, user/worktimegroup IDs). These are all reasonable for a CLI that authenticates and operates against an API. Registry metadata lists no required env vars, which is consistent (the variables appear optional depending on usage), but you should be aware that supplying username/password or access tokens grants the CLI access to the user's Otta account—appropriate for the described functionality but sensitive in practice.
Persistence & Privilege
The skill does not request always:true, does not install or persist changes to other skills, and has no privileged persistence behavior. Autonomous invocation is allowed (platform default) but is not combined with unusually broad credentials or presence.
Assessment
This skill is an instruction-only helper for the otta-cli binary and looks internally consistent. Before installing: (1) ensure you have the official otta-cli binary from the referenced GitHub repo or other trusted source (the skill itself does not install code), (2) avoid passing plaintext passwords on the command line—use --password-stdin or tokens and CI secret storage, (3) be careful when supplying OTTA_CLI_API_BASE_URL or other env vars: confirm they point to the legitimate otta.fi API to avoid redirecting traffic to an attacker-controlled endpoint, and (4) if you will allow autonomous agent invocation, be mindful that any credentials you provide (username/password or access token) let the CLI act on your Otta account. If you want a stricter review, provide the actual otta-cli release binary/source URL and verification hashes so the binary source can be audited.
