authoring-data-cli-source
v1.0.1Use when the user needs to add or redesign an agent-data-cli source for RSS, news, social media, finance, APIs, scraping, browser automation, authentication,...
⭐ 1· 189·0 current·0 all-time
bySeverin Zhong@severinzhong
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (authoring data-cli source) matches the SKILL.md and the included reference documents. The files describe source types, contracts, testing, and review checklists consistent with designing sources for agent-data-cli. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
The instructions are prescriptive about research, spec, plan, TDD, and verification and remain within the expected scope for authoring sources. They do reference cloning and working with the agent-data-cli repo and its fetchers, and recommend using local fetch tools and browser automation when needed. This is normal for the purpose, but the guidance does point the user to fetch and run third-party repo code (git clone, uv sync, uv pip install, init.sh), so users should inspect that upstream code before running it.
Install Mechanism
No formal install spec is included (instruction-only), which lowers risk. The README-style instructions show commands that clone or install code from a GitHub repository (https://github.com/severinzhong/agent-data-cli) and an npx-based skills add. GitHub and npx are common, but they will fetch and run remote code — this is expected for this skill but worth a quick manual review before executing those commands.
Credentials
The skill declares no required environment variables, credentials, or config paths. The references explicitly advise against ad-hoc environment reads and instruct sources to consume config via manifest/self.config. This is proportionate for an authoring guide.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system presence. It is instruction-only and does not modify other skills or system-wide agent settings. Autonomous invocation is allowed by default (platform normal) but the skill does not request elevated or persistent privileges.
Assessment
This skill is an authoring guideline and appears coherent with its purpose. It does not request secrets or special system privileges. Before following the install commands (git clone, npx skills add, uv sync, uv pip install, init.sh), manually inspect the referenced GitHub repository and any install scripts to confirm they are from a trusted source and contain no unexpected behavior. Be extra cautious when implementing sources that require browser automation or authentication: those flows may require credentials or cookies — store and grant those minimally and inspect any code that handles them. If you want higher assurance, ask the skill author for a link to the exact repo commit/tag or for vetted packaged releases rather than cloning a branch-less repo reference.Like a lobster shell, security has layers — review code before you run it.
latestvk973zypc63n9tfkn5n6mt8zkgn838fcz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.