Neckr0ik Automation Templates
v1.0.0Ready-to-use automation templates for n8n, Make.com, and Zapier. Pre-built workflows for common use cases. Copy, customize, deploy. Use when you need quick a...
⭐ 0· 284·3 current·3 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the included artifacts: templates described for n8n/Make/Zapier and a Python script (scripts/templates.py) that embeds template data and provides list/get/search/generate functionality. Minor inconsistencies: SKILL.md and 'See Also' reference a templates/ directory and scripts/generator.py, but the package contains an embedded TEMPLATES dict in scripts/templates.py instead of separate template files or a generator.py entrypoint. The claw.json dependency on pyyaml is reasonable for templates. These mismatches look like sloppy docs/packaging rather than malicious intent.
Instruction Scope
SKILL.md only instructs the agent/user to list, get, search, and generate templates and to copy/paste resulting workflow JSON into the target automation platform. It does not instruct reading unrelated system files or exfiltrating data. However, the documentation assumes a CLI named 'neckr0ik-automation-templates' that is not provided by an install spec—so runtime instructions may not work as-written without the user creating an entrypoint. The docs also tell users to populate API keys/webhook URLs in templates (expected), so users should avoid pasting real secrets into public/unsandboxed locations.
Install Mechanism
There is no install spec (instruction-only), which is low risk. The package does include a Python script and a declared dependency on pyyaml; there is no remote URL download or archive extraction. The missing install/entrypoint means the CLI commands referenced in SKILL.md are inconsistent with the provided files — likely a packaging/documentation oversight rather than an install-related threat.
Credentials
The templates include placeholders for API keys and webhooks (Slack webhook, Airtable API key, Google Sheet IDs, etc.), which is expected for automation templates. The skill does not request environment variables, credentials, or config paths from the agent itself. No unrelated secrets or credentials are required by the package.
Persistence & Privilege
Flags show always: false and normal user-invocable/autonomous settings. The skill does not request permanent presence or elevated privileges, nor does it attempt to modify other skills or system-wide settings.
Assessment
This package looks like a legitimate templates bundle, but note a few practical issues before installing/using it: 1) The SKILL.md refers to a CLI 'neckr0ik-automation-templates', a templates/ folder, and scripts/generator.py that are not present — you'll likely need to run scripts/templates.py directly or add an entrypoint yourself. 2) The templates contain placeholders for API keys and webhook URLs; never paste production secrets into files or public places — prefer using platform secrets/password stores or environment variables in the target automation platform. 3) Inspect the templates (open the JSON objects in scripts/templates.py or any template files) to ensure no unexpected external endpoints or hard-coded secrets are present before importing into your automation platform. 4) If you need the documentation to match the package, ask the author for a proper install/entrypoint and the missing templates/ generator files. If you want extra caution, run the script in a local/sandbox environment and review all template contents before use.Like a lobster shell, security has layers — review code before you run it.
latestvk97da0ycsnz8v2bhmjat0zatah82dp78
License
MIT-0
Free to use, modify, and redistribute. No attribution required.