ClawHub

DriftaBot

v1.0.0

Query the DriftaBot Registry for API spec drifts, breaking changes, and provider information. Use when the user asks about API changes, breaking changes, pro...

0· 81·0 current·0 all-time
byPascoal Gomes@pgomes13
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description say the skill queries a public DriftaBot registry for API drifts; the SKILL.md only requires fetching files from that registry and parsing YAML/markdown — nothing requested is unrelated to that purpose.
Instruction Scope
Runtime instructions are narrowly scoped: fetch provider.companies.yaml, locate repo entries, fetch drift/result.md and spec files from the stated raw.githubusercontent.com base. It only instructs network fetches and YAML/markdown parsing and does not ask to read local files or other env vars. Note: the agent will perform outbound web requests to public GitHub raw URLs, so fetched content is external and should be treated as untrusted.
Install Mechanism
No install spec and no code files — instruction-only skill; nothing is written to disk by an installer.
Credentials
The skill declares no required environment variables, binaries, or credentials. That is proportionate to fetching and summarizing public registry files.
Persistence & Privilege
always is false and there is no install/persistence behavior. The skill does not request elevated or persistent privileges.
Assessment
This skill is low-risk and coherent: it only asks the agent to fetch public files from a DriftaBot GitHub registry and summarize them, and it does not request secrets or install software. Before enabling, consider: (1) confirm you trust the registry GitHub repo (https://github.com/DriftaBot/registry or the metadata homepage) because the agent will fetch and summarize whatever is hosted there; (2) if you require offline or air-gapped operation, do not enable network access; (3) if you rely on these summaries for security- or production-critical decisions, spot-check the raw result.md/spec files yourself to ensure the registry hasn't been tampered with. Otherwise, the skill's scope and requirements are proportional to its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fsr9e5dy05qpk5g4kv01hxs839rmg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments