ClawHub

Lap Account V1 Api

v1.0.0

Account v1 API skill. Use when working with Account v1 for custom_policy, fulfillment_policy, payment_policy. Covers 37 endpoints.

0· 99·1 current·1 all-time
by@mickmicksh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md documents ~37 Account API endpoints (custom_policy, fulfillment_policy, payment_policy) and the declared requirement (one credential) is what you'd expect for an API integration.
Instruction Scope
SKILL.md is instruction-only and stays within the API's domain (lists endpoints and basic setup). It is high-level about authentication ('Configure auth: OAuth2') and does not include implementation details or requests to read unrelated files or environment variables. The vagueness around how to obtain/use OAuth tokens means the agent (or integrator) must perform the OAuth flow externally.
Install Mechanism
No install spec and no code files — lowest-risk model for a skill. Nothing is downloaded or written to disk by the skill itself.
Credentials
Only a single env var is required (ACCOUNT_V1_API_KEY), which is proportional to an API wrapper. However, the SKILL.md explicitly states 'OAuth2' auth; the env var name suggests an API key rather than an OAuth client/secret or access token. Confirm what ACCOUNT_V1_API_KEY actually contains (short-lived OAuth access token, client credentials, or a long-lived API key) and ensure its scope is limited.
Persistence & Privilege
always:false and agent-invocation defaults are normal. The skill does not request persistent system-wide changes or access to other skills' configurations.
Assessment
This skill is an instruction-only reference for the eBay Account API and appears coherent with that purpose. Before installing: (1) ask the publisher what ACCOUNT_V1_API_KEY contains (an OAuth access token vs client credentials vs API key) and ensure it is scoped and rotated appropriately; (2) confirm how the OAuth flow should be performed and where access tokens are stored; (3) prefer skills that publish a source or homepage so you can review implementation details; and (4) never provide more credentials than required — if the skill needs a short-lived OAuth token, avoid supplying long-lived credentials with broader permissions.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bhz0wgbbzr7jy49w76ef3h583fgqf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvACCOUNT_V1_API_KEY

Comments