ClawHub

Clawise

v0.1.0

Account, access, and operations infrastructure for AI agents — phone verification, email inboxes, CAPTCHA solving, credential vault, and identity management.

0· 99·0 current·0 all-time
by@shiyanhui
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description request a single API key (CLAWISE_API_KEY) and the SKILL.md instructs setting that key; the requested credential is coherent with a service that exposes mail, phone, captcha, and vault functionality.
Instruction Scope
SKILL.md contains only onboarding steps (get API key, set CLAWISE_API_KEY) and links to documentation; it does not instruct reading other files or environment variables. However, the instructions give an agent implicit permission to call the provider's APIs with broad capabilities once the key is available.
Install Mechanism
No install spec and no code files are present (instruction-only), so nothing will be written to disk or pulled from arbitrary URLs during install.
Credentials
Only a single API key is required (primaryEnv), which is proportionate to the described integration; nevertheless, that one key grants access to sensitive services (mailboxes, SMS, captcha solving, vault) so it is high-value and should be scoped and protected.
Persistence & Privilege
The skill is not always-enabled and is user-invocable (defaults), which is normal. Because the skill grants access to powerful external capabilities, autonomous invocation by an agent increases the blast radius—consider limiting autonomous use and monitoring activity.
Assessment
This skill is internally coherent, but the CLAWISE_API_KEY would let an agent perform high-impact actions (create/inspect email inboxes, receive SMS, solve CAPTCHAs, and access a credential vault). Before installing: verify the vendor (review https://clawise.dev and docs), only provide a least-privilege/scoped API key (not a master key), use a dedicated account for agent activity, enable and monitor audit/logging and billing alerts, rotate keys regularly, avoid putting the key in a broadly-shared global environment, limit agent autonomy where possible, and confirm the provider's data-retention and access policies. If you cannot verify the provider or cannot constrain the key's scope, do not install or run this skill with sensitive credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk973k2rb2rf5jkdpznryabhvxn836wyv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvCLAWISE_API_KEY
Primary envCLAWISE_API_KEY

Comments