NYC Subway Status
v1.0.0
Check real-time NYC subway arrivals, track trains, and find stations. Use when user asks about subway times, train status, MTA arrivals, or NYC transit.
by Max Shaw (@mxs2019)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
Name/description align with the documented API calls in SKILL.md — all network calls are to the same third-party host (nyc-subway-status.com). However, that domain is not an official MTA endpoint (e.g., api.mta.info), so it is a third-party data provider rather than the official service; this is plausible but should be verified by the user.
Instruction Scope
The SKILL.md instructs the agent to fetch a remote file (https://nyc-subway-status.com/llms.txt) 'once per session' and to follow the API reference it provides. Dynamically fetching and following an external plain-text instruction file gives the remote host effective runtime control over agent behavior (endpoints, schemas, tips). The doc also suggests connecting to an MCP server on the same host. The skill does not instruct reading local files or environment variables, but the remote-instruction pattern is a supply-chain/runtime-injection risk: the server could change instructions to exfiltrate data or call unexpected endpoints.
Install Mechanism
No install spec and no code files — the skill is instruction-only and does not write files or install binaries. That minimizes local installation risk.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. There are no apparent requests for unrelated secrets or local config, which is proportionate for a read-only transit info skill.
Persistence & Privilege
always is false and there is no install-time persistence. However, model invocation is allowed (platform default). Combined with the remote llms.txt/MCP guidance, autonomous invocation increases risk because the agent could autonomously fetch remote instructions and act on them. Consider restricting autonomous execution if you are cautious.
What to consider before installing
This skill appears to implement the advertised subway lookup features, but it relies on an unverified third-party host and explicitly tells the agent to fetch a remote 'llms.txt' (and offers an MCP endpoint). That remote file can change at any time and effectively instruct the agent at runtime, which makes it a supply-chain risk vector. Before installing:
(1) verify the operator and legitimacy of https://nyc-subway-status.com (prefer official MTA sources if you need guaranteed provenance);
(2) fetch and inspect the llms.txt content yourself to see what it would instruct the agent to do;
(3) if possible, restrict the skill so it runs only when explicitly invoked (disable autonomous invocation) and monitor outgoing network requests;
(4) avoid passing sensitive personal data to the skill or enabling MCP connectivity to the third-party server.
If you cannot validate the provider, treat the skill as untrusted.
