Apiclaw Analysis
v0.1.6
Finds winning Amazon products with 14 battle-tested selection strategies & 6-dimension risk assessment. Backed by 200M+ product database. Use when user asks...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, README and the included CLI script all align: they implement Amazon product research workflows and call api.apiclaw.io. Required credential (APICLAW_API_KEY) is appropriate for this purpose; no unrelated credentials or binaries are requested.
Instruction Scope
Runtime instructions direct the agent to execute scripts/apiclaw.py for all API calls and to consult the provided reference docs. The SKILL.md also instructs that when a user provides an API key it should be written to config.json in the skill root (fallback to the file). Writing a plaintext key to disk is a legitimate convenience but is a security trade-off worth noting (env var is recommended). Other instructions do not ask the agent to access unrelated system files or credentials.
Install Mechanism
No install spec; this is instruction-first with a single included Python script. No remote downloads, package installs, or unusual install steps are present.
Credentials
Only APICLAW_API_KEY is required and declared as the primary credential. The script reads that env var (and uses config.json as fallback). No additional secrets or unrelated environment variables are requested.
Persistence & Privilege
Skill does not request always:true and does not modify other skills. However, SKILL.md recommends saving provided API keys to config.json in the skill directory; that creates on-disk persistence of credentials (the README/SECURITY.md note claims config.json is in .gitignore). Consider whether you want agent-written credentials stored in your workspace.
Assessment
This skill appears to do what it says: it runs a bundled CLI script that queries https://api.apiclaw.io and needs a single APICLAW_API_KEY. Before installing: prefer providing the key via an environment variable rather than letting the skill/agent write it to config.json (plaintext on disk); if you do allow config.json, ensure the skill directory is not committed to version control. Review the included scripts/apiclaw.py yourself (it's small, uses only stdlib urllib) and confirm network calls go only to api.apiclaw.io. Finally, be aware the agent will execute the script to make network requests using your key — only install if you trust the API provider and are comfortable with that key being used for queries.
Like a lobster shell, security has layers — review code before you run it.
latestvk976t60ceh445f01p5r925yvjh839w6a
Runtime requirements
Env: APICLAW_API_KEY
Primary env: APICLAW_API_KEY
