ClawHub

Happy Thoughts

v1.0.1

Pay-per-thought AI second opinions for agents. POST /think with a prompt, buyer wallet, and optional specialty to get a routed response from a specialized pr...

0· 72·0 current·0 all-time
by@proteeninjector-max
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe a pay-per-thought marketplace and the SKILL.md, examples, and OpenAPI all show only HTTP calls to the service and payment behavior via x402 on Base — requiring only curl is proportionate to that purpose.
Instruction Scope
Runtime instructions direct the agent to make HTTP requests (POST/GET) to the external API (https://happythoughts.proteeninjector.workers.dev). This is expected, but it means prompts and buyer_wallet data will be transmitted to a third-party service — do not send secrets or sensitive PII in requests.
Install Mechanism
No install spec (instruction-only) and example clients use standard libs (curl, requests, fetch). Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables or credentials. Example code warns against hardcoding owner-bypass headers. Requesting buyer wallet addresses in API calls is part of the payment flow and is expected.
Persistence & Privilege
Skill has no always:true flag and does not request persistent system permissions or modify other skills. Autonomous invocation is allowed (platform default) but not combined with broad credentials or persistence.
Assessment
This skill is coherent and appears to do what it says: call the Happy Thoughts HTTP API to buy routed 'thoughts'. Before installing or enabling it for autonomous agents, consider: (1) all prompts you send will be transmitted to a third-party service — avoid including secrets, private keys, or sensitive personal data; (2) payment flows use x402 on Base mainnet — ensure your agent will not auto-pay without explicit user consent and test with non-sensitive wallet addresses and small amounts; (3) the domain (proteeninjector.workers.dev) and operator email are provided — if you need higher assurance, verify the operator and contract/payment behavior off-platform; (4) the examples mention an owner-bypass header — never accept or hardcode bypass or privileged headers from untrusted sources. If you need deeper assurance, request source for the server-side implementation or run a manual integration test using a disposable wallet and non-sensitive prompts.

Like a lobster shell, security has layers — review code before you run it.

latestvk978h4fpfatjrp1wjpga25apk983ej67

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
Binscurl

Comments