Hiveram

This skill appears to be what it says (an OpenClaw coordination layer using the workledger CLI) but there are a few red flags to review before installing: - Metadata mismatch: the registry declares no required env vars/config paths, but the SKILL.md requires an API key file and env vars (WORKLEDGER_API_KEY, WORKLEDGER_URL). Treat the API key as sensitive and confirm why the metadata omits it. - Secret handling: the instructions ask you to store the key in ~/.openclaw/workledger.key and export it. Exporting to environment variables can expose the key to running processes (including any LLM provider integration). Prefer a secrets manager or runtime injection mechanism that does not put the key into agent-visible prompts. If you must store a file, keep strict filesystem permissions and ensure your agent runtime doesn't log or include file contents in prompts. - Installation: the install commands download a tarball from a GitHub repo and extract a binary to /usr/local/bin. Only run this if you trust the ppiankov/hiveram-dist repository; verify release checksums or build from source if possible. The install requires write permissions to system paths. - Endpoint mismatch: the doc mentions the public site (hiveram.com) but sets WORKLEDGER_URL to a fly.dev host. Ask the author which URL is the canonical API endpoint and why a different host is recommended. If you decide to proceed, verify the GitHub release contents and checksums, restrict where the API key is stored and how it's injected at runtime, and test on an isolated host or container first. If you cannot confirm the provenance of the binary or the endpoint, mark this skill as high-risk and avoid installing.