ClawHub

Loopuman

v0.1.0

Route tasks needing real human judgment, local knowledge, or cultural insight to verified workers paid via cUSD on Celo, for verification, translation, moder...

0· 615·0 current·0 all-time
by@seesayearn-boop
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe routing tasks to human workers; required binaries (curl, jq), the shell CLI, and the API endpoints in the docs match that purpose. The script and docs consistently call the same API host (https://api.loopuman.com) and implement create/status/list/cancel/wait operations appropriate for a task-routing service.
Instruction Scope
SKILL.md instructs the agent and user only to create a local config file with an API key, call the Loopuman API, and optionally use webhooks. It explicitly prohibits using the skill for tasks AI can handle. The instructions do not ask the agent to read unrelated system files or exfiltrate unrelated credentials. The skill does suggest using webhooks (user-provided URLs) which is normal for callbacks but has privacy implications (see guidance).
Install Mechanism
No install spec (instruction-only plus a small CLI script). No downloads or archives are performed. The included Bash script is readable and straightforward (uses curl/jq); there are no obfuscated or network-downloaded binaries in the package. The script references an alternate legacy config path (~/.clawdbot) which appears to be a harmless compatibility fallback.
Credentials
The skill does not request environment variables or other unrelated credentials. It requires a Loopuman API key stored in a local config file (apiKey/apiUrl) which is appropriate for an external service. The script honors the LOOPUMAN_CONFIG override, again reasonable. It does not request AWS, Celo wallet private keys, or other unrelated secrets — payments occur off-band via Telegram/Celo per the docs.
Persistence & Privilege
The skill does not request 'always: true' or any elevated platform privileges and does not modify other skills or global agent settings. It only reads a local config file and supports an env override; this is normal and appropriately scoped.
Assessment
This package appears coherent for its stated purpose, but review these points before installing: - Protect the API key: store it only in the local config file and treat it like a credential (the service's register endpoint returns the key once and cannot retrieve it later). - Webhook caution: if you supply a webhook URL, task results and potentially user-provided content will be POSTed there — don't point it at systems that shouldn't receive user data. Validate and secure any webhook endpoint. - Avoid sending sensitive or regulated PII to human workers; the platform is designed for human review and may expose submitted content outside your control. - Confirm the API host (https://api.loopuman.com) and promo codes via the official vendor channels before putting funds or production data in the system. - The CLI script reads a fallback path (~/.clawdbot/...) and honors LOOPUMAN_CONFIG; if you use shared systems, be aware of where the config file is read from to avoid accidental reuse. Overall, the skill is internally consistent; the main risks are operational/privacy choices (webhooks, task content, payments), not incoherence in the package itself.

Like a lobster shell, security has layers — review code before you run it.

latestvk970epaptbea7cqzyq1m2rf9bd81580j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌍 Clawdis
Binscurl, jq

Comments