ClawHub

orbcafe-pivot-ainav

v1.0.0

Build ORBCAFE advanced analytics interactions using CPivotTable/usePivotTable and voice navigation using CAINavProvider/useVoiceInput. Use when requests invo...

0· 174·0 current·0 all-time
by@shenruiyang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (pivot analytics + voice navigation) match the SKILL.md and the included recipe/guardrail/domain files. There are no unexpected binaries, environment variables, or external services required by the skill metadata.
Instruction Scope
The runtime instructions are scoped to selecting recipes and applying the provided guardrails; they do not instruct reading unrelated system files or exfiltrating data. Note: references/recipes.md contains an example that hardcodes wsUrl="ws://localhost:8765" for CAINavProvider, which conflicts with references/guardrails.md guidance that wsUrl and ASR auth must come from app config and not be hardcoded.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute. This minimizes filesystem and network install risk.
Credentials
The skill declares no required environment variables or credentials, which is proportionate. Guardrails correctly recommend ASR auth and wsUrl come from app config; ensure implementers follow that to avoid embedding secrets. If implementers ignore the guardrails and hardcode ASR credentials, that would be a security/privacy risk (but the skill as provided does not request such secrets).
Persistence & Privilege
Skill is not forced-always, has normal model invocation settings, and does not request modifications to other skills or system-wide config. Persistence behaviors (preset storage) are addressed in guardrails and left to the integrator.
Assessment
This skill appears coherent and safe to evaluate further, but verify a few practical things before installing or using it in production: 1) Ensure implementers do not hardcode websocket endpoints or ASR credentials — use app config or secrets managers as the guardrails recommend. 2) Review where voice/audio is sent (ASR endpoint) and confirm the endpoint is trusted and compliant with your privacy requirements. 3) Decide whether pivot presets are business assets (server-side persistence) or personal preferences (local storage) per the guardrails. 4) Test the CAINavProvider integration in a safe environment (localhost/dev) before deploying. If you need the skill to access any credentials or persistent storage, require those explicitly and audit how they're used.

Like a lobster shell, security has layers — review code before you run it.

latestvk975mcewew5gsgcwg30bb8f0b182q0wr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments