ClawHub

Intranet

v3.2.7

Lightweight local HTTP file server with plugin support. Serves static files from a webroot, mounts plugin directories at URL prefixes via config, and runs in...

0· 1.3k·2 current·2 all-time
byOliver Drobnik@odrobnik
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (local HTTP server with plugins and CGI) matches the included scripts and SKILL.md commands. Required binary (python3) is appropriate and no unrelated credentials, system paths, or external services are requested.
Instruction Scope
SKILL.md instructs the agent to run the provided intranet.py start/stop/status commands and to place config and webroot under the workspace. The instructions and the code reference only workspace-located files and optional INTRANET_WORKSPACE override. CGI execution is explicitly gated and documented. No instructions ask the agent to read unrelated system config or exfiltrate data.
Install Mechanism
This is an instruction-and-code skill with two included Python scripts and no install spec — the code will be run directly from the skill bundle. That's expected for a lightweight Python server, but it means the included scripts will execute on the host if started, so review them (done here) and run only in trusted contexts.
Credentials
No environment variables or external credentials are required by the skill. The only environment variable supported is INTRANET_WORKSPACE to override workspace autodiscovery — that is reasonable and documented.
Persistence & Privilege
The skill does not request always:true and is user-invokable only. It writes state (PID, .conf, config.json, runtime files) under the detected workspace directory only, which aligns with its function.
Assessment
This skill appears to do exactly what it says: run a local HTTP server that serves files and — optionally — runs index.py as CGI. Before using it: 1) Only enable CGI if you trust the code placed in the webroot or plugin roots (index.py runs arbitrary code). 2) If exposing the server beyond localhost, configure a strong token and populate allowed_hosts as documented. 3) Understand that the server writes PID/config files inside the workspace and may follow symlinks (but checks resolved containment). 4) Review and run the included scripts from a safe workspace; because the skill includes executable code, run it only on systems and directories you control.

Like a lobster shell, security has layers — review code before you run it.

latestvk971yrf3fgpzd9vaqdc4ddvvx582stsf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌐 Clawdis
Binspython3

Comments