meegle-api
v1.0.3Meegle Open API skills index. Read credentials first; missing credentials → see meegle-api-credentials and remind user where to get them.
⭐ 2· 751·0 current·0 all-time
byDaniel@pkycy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill is an index and collection of Meegle OpenAPI sub-skills. The five required env vars (plugin id/secret, domain, project_key, user_key) are appropriate and expected for calling Meegle APIs and obtaining tokens. Nothing requested is unrelated to the stated purpose.
Instruction Scope
Runtime instructions direct the agent to read the included SKILL.md files (read-file) and to read the separate credentials file (meegle-api-credentials) before making API calls — this is appropriate. The README/SKILL.md also instructs placing credentials into the user's OpenClaw config file (~/.openclaw/openclaw.json) and to cache plugin_access_token within the session. That file-path recommendation is outside the skill directory and is prescriptive; it should be reviewed by the user (see guidance).
Install Mechanism
This is instruction-only with no install spec and no code files to execute. Lowest-risk install model (nothing is downloaded or written by an installer).
Credentials
The set of required environment variables is small and directly related to Meegle API auth and context. They are sensitive (plugin_secret, user_key), but their presence is justified by the skill’s purpose. The skill does recommend storing these in ~/.openclaw/openclaw.json (not declared as a required config path), which is a configuration choice rather than unexplained credential access.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and does not modify other skills. Its only persistence-related guidance is to cache plugin_access_token within a session (typical for API clients) and to store credentials in the user's OpenClaw config under the skill's own entry — this is standard but should be consciously approved by the user.
Assessment
This skill is an organized set of API call templates for Meegle and appears coherent with its stated purpose. Before installing: (1) review the included meegle-api-credentials SKILL.md to confirm exactly how tokens are obtained and where secrets are used; (2) be aware the README instructs you to store credentials in ~/.openclaw/openclaw.json under skills.entries["meegle-api"].env — that's a config file on your machine, so only add secrets there if you trust the skill and understand how OpenClaw protects that file; (3) consider using short-lived user_access_token or limited-scope plugin credentials where possible and avoid storing long-lived secrets in plaintext; (4) since the package relies on read-file semantics, ensure you trust the skill pack contents (it will read the SKILL.md files you installed); and (5) if you need stricter isolation, prefer providing per-session tokens at runtime rather than permanent entries in global config.Like a lobster shell, security has layers — review code before you run it.
latestvk97af58mg05hfdb79h2y1ff42181v1d8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
EnvMEEGLE_PLUGIN_ID, MEEGLE_PLUGIN_SECRET, MEEGLE_DOMAIN, MEEGLE_PROJECT_KEY, MEEGLE_USER_KEY