ClawHub

Data Validate

Validate URLs and JSON schemas against format rules.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 191 · 0 current installs · 0 all-time installs
by@CutTheMustard
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (URL and JSON schema validation) matches the SKILL.md: it provides curl examples for URL, JSON Schema, email, and phone validation against an external API. There are no unrelated credentials or binaries requested.
Instruction Scope
The instructions explicitly direct the agent to POST user data to https://validate.agentutil.net endpoints. The SKILL.md does require explicit user consent before sending data (especially PII), which is appropriate. This is still a privacy-sensitive operation because validation is performed off-host; the agent will transmit whatever data is provided to the external service if consent is given.
Install Mechanism
Instruction-only skill with no install step and no code files — lowest install risk. The skill uses curl examples but does not install or download code.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets or elevated access, so requested environment access is proportionate to its purpose.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent or elevated privileges or modify other skills.
Assessment
This skill sends user data to an external API (validate.agentutil.net). Before installing or invoking it: (1) verify the service owner and HTTPS certificate for the domain; (2) confirm the privacy claims — you may want to test with non-sensitive data to ensure no logging or retention; (3) note the SKILL.md requires you to obtain explicit consent before sending PII — enforce that in your agent flow; (4) the pricing section mentions an on-chain payment protocol (x402 / USDC on Base) while also saying 'no authentication required' — ask the provider how paid-tier tracking and billing work; (5) if you cannot verify the provider or its privacy/billing model, prefer a local validator (libraries like ajv for JSON Schema) to avoid sending sensitive data externally.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.2
Download zip
latestvk975bjeva0ef9yt0ptenr9ngjh82828y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis

SKILL.md

data-validate

Validate data formats: URL parsing, JSON Schema (draft-07) validation, email syntax (RFC 5322), and phone format (E.164).

Important: User Consent Required

Before validating any user-provided data, always confirm with the user that they consent to sending the data to an external validation service. Do not autonomously validate data that may contain personally identifiable information (PII) without explicit user approval.

Endpoints

URL Validation

curl -X POST https://validate.agentutil.net/v1/url \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com/path"}'

JSON Schema Validation

curl -X POST https://validate.agentutil.net/v1/json-schema \
  -H "Content-Type: application/json" \
  -d '{"data": {"name": "test"}, "schema": {"type": "object", "required": ["name"]}}'

Email Syntax Check

Validates RFC 5322 structure only — no SMTP connection, no inbox verification.

curl -X POST https://validate.agentutil.net/v1/email \
  -H "Content-Type: application/json" \
  -d '{"email": "user@example.com"}'

Phone Format Check

Validates E.164 format structure only.

curl -X POST https://validate.agentutil.net/v1/phone \
  -H "Content-Type: application/json" \
  -d '{"phone": "+1-555-0100"}'

Response Format

{
  "valid": true,
  "url": "https://example.com/path",
  "protocol": "https:",
  "hostname": "example.com",
  "errors": [],
  "request_id": "abc-123",
  "service": "https://validate.agentutil.net"
}

Pricing

  • Free tier: 10 queries/day, no authentication required
  • Paid tier: $0.001/query via x402 protocol (USDC on Base)

Privacy

All validation is syntax/format checking only. No data is stored or logged beyond the immediate response. No SMTP probing, no payment network contact, no third-party forwarding. Rate limiting uses IP hashing only.

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…