2O Human Verification

v1.0.0

Human verification for AI agents. Submit claims, draft responses, or observation requests to human domain experts via the 2O API. Returns structured verdicts...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description map directly to the runtime instructions: the SKILL.md describes HTTP calls to a 2O API and declares a single required env var (TWO_O_API_KEY). Nothing else (binaries, unrelated credentials, or system paths) is requested, which is proportionate for a hosted verification service.
Instruction Scope
Instructions are narrowly scoped to POSTing user content to https://www.2oapi.xyz endpoints and polling for results; they do not instruct reading local files or other env vars. However, the API accepts highly sensitive domains (medical, legal, identity), witness requests with location and photo options, and an optional callback_url — any of which could expose PII or sensitive content to a third party. This is expected for a human-verification service but is an important privacy risk to surface.
Install Mechanism
No install spec or code files are present (instruction-only), so nothing is written to disk or downloaded during install. This is the lowest-risk install mechanism.
Credentials
Only ONE environment variable (TWO_O_API_KEY) is required and it is directly used in the example API calls. That is proportionate for a hosted API integration. No unrelated secrets or system config paths are requested.
Persistence & Privilege
always:false and no install actions are present. The skill does allow normal autonomous invocation (platform default), which means the agent could call the external API during runs and incur charges — this is expected but worth noting for the user.
Assessment
Before installing or enabling this skill, consider: (1) Verify the provider (https://www.2oapi.xyz) and read their privacy policy and terms — the service will receive any claims, drafts, or location/photos you submit. (2) Avoid sending regulated or highly sensitive personal data (PHI, financial credentials, government IDs) unless you have explicit consent and a contract with the provider. (3) Be cautious with callback_url usage — callbacks can forward results to arbitrary endpoints and could be abused for data exfiltration. (4) The skill can make outbound API calls and will spend credits tied to the API key — monitor usage and billing. (5) If you need higher assurance, ask the publisher for provenance (homepage, company identity, security controls) or prefer a well-known provider. If you plan to use witness/location/photo features or submit sensitive legal/medical content, get explicit user consent and confirm the provider's handling of that data.

Tags: agents, api, fact-checking, human-in-the-loop, latest, verification

Runtime requirements

Env: TWO_O_API_KEY