ClawHub

Ezer Multi-Agent Report Auditor

v1.0.0

Wrapper skill for the Ezer audit backend API. Use this skill when the user asks to run a financial audit task by code/period/year/lang and return structured...

0· 78·0 current·0 all-time
by@mx-222
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual behavior: the script POSTs to /api/tasks and polls /api/tasks/{id}/result. Declared requirements (python3, EZER_API_BASE_URL) are exactly what the script needs.
Instruction Scope
SKILL.md instructs running the included Python script with the expected arguments and environment variable. The instructions and script only perform HTTP calls to the configured EZER_API_BASE_URL and do not read other files, system paths, or unrelated environment variables.
Install Mechanism
No install spec; the skill is instruction-only plus a small included script. Nothing is downloaded or extracted at install time. Required runtime binary is only python3, which is reasonable.
Credentials
Only EZER_API_BASE_URL is required and EZER_BEARER_TOKEN is optional. These are proportionate for an API wrapper. No unrelated secrets or many environment variables are requested.
Persistence & Privilege
always:false and default invocation behavior are set. The skill does not request persistent system privileges or modify other skills/config; it only makes outbound HTTP requests to the configured base URL.
Assessment
This skill appears to do exactly what it claims, but review these operational cautions before enabling it: 1) Ensure EZER_API_BASE_URL points to a trusted Ezer backend (prefer HTTPS) — the script will make network requests to whatever you set, including internal network addresses. 2) Only provide EZER_BEARER_TOKEN if necessary and treat it as a secret with least privilege; rotate it if exposed. 3) The script prints the full JSON response to stdout which may include sensitive data — consider where the output will be stored or forwarded. 4) If you need stronger isolation, run the skill in a restricted environment or network namespace. The included Python source is small and readable; review it yourself if you want to confirm there is no additional data exfiltration beyond contacting the configured API endpoints.

Like a lobster shell, security has layers — review code before you run it.

latestvk9796wm5dkzgh3r58dxk84gf4x83get1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3
EnvEZER_API_BASE_URL

Comments