ClawHub

Sugar Finance Bot

v1.0.0

Calculates total landed cost and unit economics for food import/export shipments based on detailed shipment cost data.

0· 88·0 current·0 all-time
by@patttyyywu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, SKILL.md, and the provided tool.py functions all focus on computing landed cost and unit economics. There are no unrelated environment variables, binaries, or external services requested.
Instruction Scope
SKILL.md limits the agent to two tools (get_shipment_record and calculate_landed_cost). However, get_shipment_record in tool.py returns a hard-coded sample record (it does not actually fetch data based on the shipment_id). This is a functional limitation (mock data), not a security concern, but you should be aware it won't access your systems as-is.
Install Mechanism
No install spec and no downloads. The skill is instruction-only with a small local code file; nothing will be written to disk beyond the skill files themselves.
Credentials
The skill requests no environment variables, credentials, or config paths. There are no indications of secret access or exfiltration requirements.
Persistence & Privilege
always is false and the skill does not request elevated persistence or to modify other skills or system settings. Autonomous invocation is allowed (platform default) but is not combined with other risk factors.
Assessment
This skill appears coherent and low-risk: it computes landed cost from structured shipment data and uses no external network, credentials, or installs. Two practical notes before you deploy it in production: (1) get_shipment_record is a hard-coded/mock implementation — if you want real data, you'll need to modify it to fetch from your database or API, and you should never hard-code credentials into the skill; (2) the code uses default fallback values (e.g., division by 1 if weight or units missing), which can yield misleading results — validate input data before trusting outputs. If you plan to extend the skill to connect to internal systems, review and restrict any added network calls and credentials carefully.

Like a lobster shell, security has layers — review code before you run it.

latestvk975sv39fvt2cep8cxe1wcz5y9835863

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments