ClawHub

Quotly Style Sticker

v1.4.3

Generate QuotLy-style stickers from forwarded messages and return one MEDIA path for auto-send. Use when users ask to create quote stickers from selected for...

0· 500·2 current·2 all-time
by@sakullla
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (QuotLy-style sticker generator) match the included script and SKILL.md. The skill requires no credentials, no binaries, and only optionally uses QUOTLY_API_URL/ALLOW_HOSTS/AUDIT_LOG for contacting an external rendering service — all appropriate for this functionality.
Instruction Scope
Runtime instructions are narrowly scoped: run the provided Python script with a JSON payload containing selected_messages. The script sends message text and optional avatar/status URLs to an external API (explicitly documented). That network behavior is expected for a remote-rendering service, but it does mean user message content (and any avatar/status URLs included) will be transmitted to the remote service.
Install Mechanism
No install spec and no external downloads; the skill is instruction-only with a bundled Python script. This is low-risk from an installation perspective.
Credentials
No required environment variables or credentials. Optional env vars (QUOTLY_API_URL, QUOTLY_API_ALLOW_HOSTS, QUOTLY_AUDIT_LOG, QUOTLY_DEDUP_WINDOW_SECONDS) are reasonable for configuring the remote API, allowlist, and auditing. Because the API URL is configurable, operators should set QUOTLY_API_ALLOW_HOSTS in sensitive environments to avoid contacting arbitrary hosts.
Persistence & Privilege
The skill does not request persistent presence (always=false) and does not modify other skills or system-level config. It runs as a transient script and uses normal agent invocation behavior.
Assessment
This skill will send the forwarded/quoted message text (and any avatar/status URLs you include) to an external rendering API to produce a sticker. That behavior is explicit in SKILL.md and the script includes SSRF protections, response size limits, and an optional allowlist. If the messages are privacy-sensitive, only use a trusted rendering endpoint or set QUOTLY_API_ALLOW_HOSTS to restrict which hosts can be contacted. Consider enabling QUOTLY_AUDIT_LOG for monitoring, and run the skill in an isolated environment if you need stronger data protection.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f5eh95wt3k2a9qk2xpke72181w6b7latest telegram sticker quotevk977czn69ryh9z2tvhhdga14ad81v69mquotevk97850qm6kggnkc140ag2gb59s81xsavsecurityvk97850qm6kggnkc140ag2gb59s81xsavstickervk97850qm6kggnkc140ag2gb59s81xsavtelegramvk97850qm6kggnkc140ag2gb59s81xsav

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments