ClawHub

Eagle Skill

v1.0.0

Control Eagle application for digital asset management - search, organize, tag items, manage folders and tag groups. Use when user wants to interact with the...

0· 71·1 current·1 all-time
by长安@roaycl
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill claims to control the local Eagle application and the included CLI script appears to target Eagle's local MCP API (port 41596), which matches the stated purpose. Minor inconsistency: SKILL.md and examples rely on the 'node' runtime, but the registry metadata lists no required binaries — the skill effectively requires Node.js to run the bundled script.
Instruction Scope
SKILL.md instructs the agent (or user) to run the included Node.js CLI which calls the local Eagle MCP API. The instructions do not ask the agent to read unrelated host files or environment variables, nor to send data to non-Eagle endpoints in the documentation.
Install Mechanism
There is no install spec and no downloads; the skill ships a single self-contained Node.js script that will be executed when invoked. This is lower risk than remote downloads, but executing bundled code still requires trust and review.
Credentials
No environment variables, credentials, or config paths are requested. The skill's access needs (local API on port 41596) are proportional to its purpose.
Persistence & Privilege
always:false and no persistence or system-wide config changes are requested. The skill does not request permanent inclusion or special privileges.
Assessment
This skill appears to be a local CLI wrapper for the Eagle application and is internally consistent, but review the included script before running. Practical steps: (1) ensure you have Node.js installed (SKILL.md assumes 'node' even though the registry didn't list it); (2) inspect scripts/eagle-api-cli.js for any outbound network requests or filesystem operations you don't expect; (3) only use it if your Eagle MCP plugin (local API) is trusted and you consent to the CLI controlling your local Eagle library; (4) if unsure, run the script in a restricted environment (VM or container) or ask the publisher for source verification.
scripts/eagle-api-cli.js:1348
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

latestvk977dneba695ah9t8f2jngxp1x83hxvj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments