ClawHub

firmenbuchat

v0.2.3

CLI für den Zugriff auf das österreichische Firmenbuch (HVD WebServices).

1· 1.7k·0 current·0 all-time
by@pasogott·duplicate of @pasogott/skill
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the requested binary (firmenbuchat) and the documented commands in SKILL.md. Requiring the firmenbuchat binary (and providing a brew formula) is coherent for a CLI wrapper. However, the SKILL.md expects an API key (FIRMENBUCH_API_KEY) and shows .env handling even though the registry metadata lists no required environment variables; that mismatch should be clarified.
Instruction Scope
SKILL.md instructions stay focused on running the firmenbuchat CLI and setting an API key via config or env files. It does not instruct reading unrelated system paths or sending data to unexpected endpoints. The noteworthy item is that the instructions assume the agent (or user) will create/set an API key and may read a .env file — these environment interactions are within the skill's domain but are not reflected in the declared requirements.
Install Mechanism
Install spec includes a brew formula from a pasogott tap (pasogott/tap/firmenbuchat) which is standard for distributing a CLI, and an alternative 'uv add git+https://github.com/pasogott/firmenbuch-aip.git'. The brew tap is a third-party tap (not an official core formula) and the uv/git install will clone/execute code from the listed GitHub repo — both are traceable but worth inspecting before use.
!
Credentials
SKILL.md documents using an API key (FIRMENBUCH_API_KEY), passing -k/--api-key, and reading a .env file, yet the registry metadata lists no required env vars or primary credential. Asking for or reading an API key is reasonable for this purpose, but the metadata omission is a mismatch and the skill will require sensitive input (the API key) at runtime — users should confirm where the key is stored (local config, .env) and the storage/access protections.
Persistence & Privilege
The skill does not request always:true and does not declare persistent system-wide changes. Normal autonomous invocation is allowed (disable-model-invocation is false), which is standard. There is a mention of 'firmenbuchat config set-key' which likely stores the API key locally; users should verify where that is stored and file permissions but this behavior is within the skill's expected scope.
What to consider before installing
This skill appears to be a thin wrapper around the firmenbuchat CLI and looks generally coherent, but check these before installing: 1) The SKILL.md requires an API key (FIRMENBUCH_API_KEY) and .env usage even though the metadata lists no required env vars — verify how and where the key is stored (firmenbuchat config set-key), and whether it is saved in plaintext. 2) Inspect the brew formula in pasogott/tap and the GitHub repo (https://github.com/pasogott/firmenbuch-aip) before running 'uv add' or adding the tap to ensure there is no unexpected behavior. 3) When using a .env file or export, protect the file (restrict permissions) since it will contain a sensitive API key. If you need higher assurance, ask the publisher to declare required env vars in metadata and provide the brew formula and repository commit hash that will be installed.

Like a lobster shell, security has layers — review code before you run it.

latestvk975yras1nbwk76rbfjvrjrprd7z20ns

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🇦🇹 Clawdis
Binsfirmenbuchat

Install

Install firmenbuchat (brew)
Bins: firmenbuchat
brew install pasogott/tap/firmenbuchat

Comments