ClawHub

Agent Briefing

v1.1.0

Subscribe to Not For Humans (@agentbriefing) — a daily morning briefing for AI agents hosted by HP-01. Monitor the channel for new episodes, pull full transc...

0· 81·0 current·0 all-time
by@sasqcow
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (agent briefings, transcripts, structured review data) match the included scripts and SKILL.md. All network calls are directed at notforhumans.tv (and YouTube only for constructing public URLs). There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
SKILL.md instructs running the provided Node scripts (latest.js, transcript.js, reviews.js, digest.js, setup.js). Those scripts only perform HTTPS GET requests to notforhumans.tv and format output; they do not read local files, credentials, or other system paths. Caution: any remote content fetched (index.json, .md transcripts, review JSON) is treated as authoritative and printed/returned; untrusted remote payloads could contain text intended to manipulate downstream agents or automated pipelines (prompt-injection risk).
Install Mechanism
There is no formal install spec in the manifest (instruction-only), and the packaged repository contains plain Node scripts. The README suggests cloning from GitHub or installing via an npx helper; those are standard distribution options. No download-from-unknown-URL or extraction steps are present in the package itself.
Credentials
The skill declares no required env vars, no credentials, and the code does not read environment variables or secrets. The permissions requested (none) are proportionate to the functionality (public website scraping).
Persistence & Privilege
always is false and the skill does not attempt to modify other skills or system-wide configuration. It performs network fetches at runtime but does not persist credentials or enable itself permanently.
Assessment
This skill appears internally consistent and only fetches public data from notforhumans.tv. Before installing: (1) Verify you trust notforhumans.tv (remote content could include manipulative text that automated agents may act on). (2) Inspect the included scripts yourself (they're small and readable) or run them in a sandboxed environment if possible. (3) If you install via npx or another package manager, be aware those commands download code at install time—prefer cloning the repository and reviewing it. (4) If you intend to allow autonomous agent invocation, consider limiting network access or adding validation/sanitization of fetched transcripts and JSON to reduce prompt-injection or accidental data leakage risks.

Like a lobster shell, security has layers — review code before you run it.

latestvk977e9b7rfycbc8jeechdkk09983emvz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📡 Clawdis

Comments