ClawHub

logicx-skill-test

v0.0.8

Call LogicX frontend proxy APIs for health checks, browser binding, password login, user info, orders, payments, and account actions.

0· 215·0 current·0 all-time
byEvan Yang@qihangyang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the implemented behavior: two bash scripts that call LogicX frontend proxy endpoints via curl. Required binaries (curl, bash) are appropriate. Everything requested and present (scripts, examples, API reference) aligns with a client/agent integration for LogicX.
Instruction Scope
SKILL.md is specific: it confines calls to /api/proxy/* or /api/health, requires confirmation before mutating calls, and instructs use of the provided scripts only. The scripts implement the documented flows (browser binding, password fallback). Notable behavior: the scripts auto-save and load link state and user_token to/from ~/.config/logicx/skill-state.json and will export LOGICX_USER_TOKEN when the script runs; the skill instructs not to echo tokens and the scripts do not print tokens explicitly, but token persistence and use are active and worth noticing.
Install Mechanism
No install/download step is specified (instruction-only plus included scripts). There is no network fetch/installation at runtime beyond contacting the LogicX API. This represents a low install risk.
Credentials
The skill requests no declared environment variables but uses sensible defaults (LOGICX_BASE_URL, LOGICX_AGENT_SERVICE_KEY=openclaw-public) and requires LOGICX_USER_TOKEN for user-scoped calls (it will load this from the local state file if not set). This is proportionate to the described functionality, but the default LOGICX_BASE_URL is a raw IP (http://43.139.104.95:8070) rather than an official domain — you should verify the legitimacy of that host before using the skill.
Persistence & Privilege
The skill persists state (link_code, install_id, user_token) to a file in the user's home (~/.config/logicx/skill-state.json) with 600 permissions. always:false and no system-wide modifications are present. Persisting a user token locally is expected for this auth flow but increases local persistence surface that you may want to manage (inspect, delete, revoke) yourself.
Assessment
This skill appears to do what it says: it uses the included bash scripts to call only the frontend proxy endpoints and stores a user token locally for authenticated calls. Before installing or using it, verify that the base URL/IP (http://43.139.104.95:8070) and the skill's publisher are trustworthy. Prefer the browser-binding flow (do not paste your password into chat unless you explicitly choose the password login fallback). Be aware the skill will create ~/.config/logicx/skill-state.json containing link state or a user_token (file permissions are set to 600). If you stop using the skill, remove that file and/or revoke the token in your LogicX account. If you need stronger assurance, run the scripts in an isolated environment or ask the publisher for an official domain and provenance.

Like a lobster shell, security has layers — review code before you run it.

latestvk97easmps5mnekhqe87pby97x5836jdq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔗 Clawdis
Binscurl, bash

Comments