ClawHub

list-running-starred-services

v1.0.1

Use this skill when you need to call bytedcli tce list-starred-service and print the raw original output directly.

0· 79·0 current·0 all-time
by@plusplus7
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's description and SKILL.md both say to run `bytedcli tce list-starred-service` and print the raw output. The only minor inconsistency is the skill name includes the word "running" (list-running-starred-services) while the command refers to "list-starred-service", but this is likely a naming quirk rather than functional mismatch.
Instruction Scope
Instructions are narrow and explicit: run the single CLI command and return output unmodified. However, the skill tells the agent to print raw output without post-processing, which may reveal sensitive data that the CLI returns (credentials, tokens, internal identifiers). The SKILL.md does not declare the dependency on the `bytedcli` binary or any credentials/config files it may consult.
Install Mechanism
No install spec and no code files — instruction-only. This is the lowest-risk install mechanism.
Credentials
The skill declares no required environment variables or credentials. In practice `bytedcli` may rely on locally stored credentials/config (e.g., token files, environment vars). The absence of declared env/credential requirements is not a functional mismatch but means users should be aware the CLI may access local auth material when run.
Persistence & Privilege
always is false and there is no install or config writing. The included agents/openai.yaml sets allow_implicit_invocation: true (allows the agent to invoke the skill when relevant), which is normal for small utility skills and not excessive here.
Assessment
This skill simply runs `bytedcli tce list-starred-service` and prints the raw output. Before installing or using it, confirm that: (1) you have the `bytedcli` binary you expect and trust (the SKILL.md doesn't install it), (2) you understand that the raw CLI output may contain sensitive information or tokens from local CLI auth/config, and you're comfortable exposing that to the agent, and (3) you are okay with the agent implicitly invoking the skill when relevant (allow_implicit_invocation is enabled). If you want safer behavior, ask for the skill to: declare the `bytedcli` dependency, document which credentials/config it reads, or add an option to redact or filter sensitive fields instead of always printing raw output.

Like a lobster shell, security has layers — review code before you run it.

latestvk974kcgyzvpqvcjh59kf35xz5983qy6t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments