ClawHub

Doubleword API

v1.0.0

Create, submit, monitor, and retrieve asynchronous batch AI inference jobs via the Doubleword API using JSONL files for large or cost-sensitive workloads.

2· 1.8k·0 current·0 all-time
by@pjb157
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
Files and SKILL.md consistently describe a Doubleword batch-inference workflow (upload JSONL, create batch, poll, download results) and the included script generates JSONL lines — that matches the stated purpose. However, the package metadata contains no description/homepage and does not declare the API key/environment variable the instructions clearly require, which is an incoherence in the manifest versus runtime needs.
!
Instruction Scope
Runtime instructions call the external domain api.doubleword.ai and instruct use of an Authorization header with $DOUBLEWORD_API_KEY. Aside from the undeclared env var, the instructions stay within the expected scope (create/upload/poll/download). They do not ask the agent to read unrelated system files or secrets, but they do direct network uploads of user-provided JSONL to a third-party endpoint — users should be aware that any data in the batch files will be transmitted off-host.
Install Mechanism
No install spec is present (instruction-only plus a small helper script). No downloads from arbitrary URLs or package installs are performed, so the disk/installation risk is low.
!
Credentials
The SKILL.md repeatedly requires an API key via Authorization: Bearer $DOUBLEWORD_API_KEY, but the skill metadata declares no required env vars or primary credential. Requesting a single service API key would be proportionate for this functionality — the problem is the metadata omission and lack of clarity about expected permissions and where that key is stored or used.
Persistence & Privilege
The skill does not request persistent or elevated privileges; always:false and disable-model-invocation defaults are normal. The skill contains no code that modifies other skills or system-wide configuration.
What to consider before installing
Before installing, verify the following: (1) The skill expects an API key (DOUBLEWORD_API_KEY) but the package metadata doesn't declare it — ask the author to add requires.env and a clear primary credential entry. (2) Confirm the endpoint (https://api.doubleword.ai) and the publisher (provide a homepage or contact) so you can judge trustworthiness; unknown owner + no homepage reduces confidence. (3) Understand that any data in uploaded JSONL files will be sent to the external service; do not include sensitive secrets or PII in batch inputs unless you trust the service and key. (4) Prefer using a scoped/limited API key and test with non-sensitive data first. (5) The included script is a benign JSONL generator (no networking), but double-check network traffic in a controlled environment. If the author cannot justify the missing env declaration and provenance, treat this skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk972eq86w1j9yryhnvph1t0cm98006py

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments