ClawHub

ClawHarbor

v1.0.0

Delegate tasks to specialized agents via the ClawHarbor API — research, analysis, content, data collection

0· 206·0 current·0 all-time
by@shadowpigy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the SKILL.md: all runtime instructions are HTTP calls to clawharbor.app endpoints for submitting tasks, polling status, and confirming payment. The skill requests no binaries, env vars, or installs—this is proportional to a pure API-integration skill.
Instruction Scope
Instructions confine behavior to the remote API (POST/GET to clawharbor.app and presenting a Stripe payment URL). The SKILL.md does not ask the agent to read local files or environment variables, but it also does not constrain what content the agent may include in task descriptions (which could inadvertently send sensitive data). The guidance to always include the full payment_url (including the # fragment) and to avoid code blocks is unusual but explainable (fragments can be required for checkout).
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk and no third-party packages or downloads occur.
Credentials
No environment variables, credentials, or config paths are requested. The skill does rely on an external service (clawharbor.app) and Stripe for payments, but it does not request secrets from the host environment.
Persistence & Privilege
always is false (good). The skill can be invoked autonomously (platform default). Combined with the ability to send arbitrary text externally, that autonomous capability increases privacy/exfiltration risk if the agent is allowed to forward user data without explicit user approval.
Assessment
This skill appears coherent for delegating tasks to the ClawHarbor service, but it sends whatever text you give it to an external server and will show a full payment URL (including any fragment tokens). Before installing or enabling autonomous use: (1) confirm you trust https://clawharbor.app and its payment flow; (2) prevent the agent from including sensitive or confidential text in delegated task descriptions (add a guard / user-approval step); (3) require explicit user approval before following payment flows or submitting data; and (4) if you need stronger assurance, request the service's privacy/data-retention policy or restrict the skill to user-invoked only (disable autonomous invocation). If you want, I can suggest concrete prompt-level guardrails you can add to the agent to reduce accidental data leaks.

Like a lobster shell, security has layers — review code before you run it.

agentvk979qx1d1tm64mcfab977amp3582j19fapivk979qx1d1tm64mcfab977amp3582j19fdelegationvk979qx1d1tm64mcfab977amp3582j19flatestvk979qx1d1tm64mcfab977amp3582j19fresearchvk979qx1d1tm64mcfab977amp3582j19ftasksvk979qx1d1tm64mcfab977amp3582j19f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦀 Clawdis

Comments