ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AIOT Network

v1.0.1

Meta-skill that indexes all AIOT platform skills and routes agent requests to the correct sub-skill.

0· 154·0 current·0 all-time
by@d9m1n1c

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for d9m1n1c/aiotnetwork.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "AIOT Network" (d9m1n1c/aiotnetwork) from ClawHub.
Skill page: https://clawhub.ai/d9m1n1c/aiotnetwork
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: AIOT_API_BASE_URL
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install aiotnetwork

ClawHub CLI

Package manager switcher

npx clawhub@latest install aiotnetwork
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to be a routing/index meta-skill and the files reflect that (skill index, delegation guidance, install script). Requiring an API base URL is reasonable if the router must construct or validate backend endpoints, but declaring AIOT_API_BASE_URL as the "primary credential" is odd because it is a URL (not a secret) and the SKILL.md does not explain why the router itself needs direct API access rather than delegating entirely to sub-skills.
!
Instruction Scope
Runtime instructions are narrowly scoped to routing, dependency chains, and installing sub-skills. However, the SKILL.md instructs agents to use a default base URL (https://payment-api-dev.aiotnetwork.io) when AIOT_API_BASE_URL is not set — that means an agent could make network requests to this dev endpoint by default, potentially transmitting user data to an unknown host. The guidance to always refer to sub-skills for implementation details leaves ambiguity about where network calls and data handling actually occur.
Install Mechanism
No external downloads or packaged installs; the included scripts/install.sh simply invokes the platform installer (clawhub) for each named sub-skill. This is low-risk compared with arbitrary URL downloads. The script fails the run if any install fails and otherwise performs straightforward installs.
!
Credentials
Only one environment variable is requested (AIOT_API_BASE_URL), which is proportional in quantity. But labeling a base URL as the primary credential is unusual. More importantly, the default value is a development domain under aiotnetwork.io; if users don't override it, traffic may be sent to that domain. The skill does not declare any secrets (tokens, keys), but the default endpoint could still receive sensitive data from sub-skills.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent privileges. It does install other skills via the user-run script, which is expected for a meta-skill. It does not modify other skills' configs or claim system-wide changes.
What to consider before installing
This skill is a meta-router that installs and delegates to several AIOT sub-skills. Before installing: 1) Decide whether you trust the aiotnetwork owner — the source/homepage are unknown. 2) Explicitly set AIOT_API_BASE_URL to a trusted endpoint (or review what the sub-skills will call) because the SKILL.md falls back to a dev URL (https://payment-api-dev.aiotnetwork.io) which could receive user data if left unchanged. 3) Review each sub-skill you plan to install (account-auth, kyc, payments, crypto, etc.) for their required credentials and behaviors — installing this meta-skill may pull in multiple capabilities that request additional secrets. 4) If you don't want network traffic sent to an unknown domain, do not install or run the skill until you can confirm the intended backend endpoints and trust the owner.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

EnvAIOT_API_BASE_URL
Primary envAIOT_API_BASE_URL
latestvk97es946b2r98c3115rr91z50s8387x3
154downloads
0stars
1versions
Updated 21h ago
v1.0.1
MIT-0
@d9m1n1c
latest
Download

AIOT Network

This is the routing index for the AIOT platform. Use it to determine which sub-skill handles a given user request, then delegate to that skill.

Configuration

The default API base URL is https://payment-api-dev.aiotnetwork.io. All sub-skills use this as the base for API requests.

To override (e.g. for local development):

export AIOT_API_BASE_URL="http://localhost:8080"

If AIOT_API_BASE_URL is not set, use https://payment-api-dev.aiotnetwork.io as the base for all requests.

Skill Index

SkillInstall SlugUse Cases
Account & Authenticationaiotnetwork-account-authsign up, log in, manage sessions, reset their password, or link a Web3 wallet
KYC & Identityaiotnetwork-kyc-identitycomplete identity verification, upload KYC documents, or check verification status
Card Managementaiotnetwork-card-managementcreate virtual cards, view card details, or manage card lifecycle (lock, unlock, cancel)
Payments & Bankingaiotnetwork-payments-bankingtop up a wallet, send money, make international remittances, or convert currencies
Crypto Walletaiotnetwork-crypto-walletdeposit cryptocurrency into their wallet or withdraw to an external address
Blockchain & DIDaiotnetwork-blockchain-didset up a decentralized identity, complete on-chain KYC, or manage membership tiers

Cross-Skill Dependencies

Some operations span multiple skills. Follow these dependency chains in order:

  1. Account → KYC → Card: User must sign up (account-auth), complete KYC (kyc-identity), then create cards (card-management).
  2. Account → Payments: User must be authenticated (account-auth) before any payment operation (payments-banking).
  3. Account → Crypto: User must be authenticated (account-auth) before depositing or withdrawing crypto (crypto-wallet).
  4. Account → Blockchain DID: User must be authenticated (account-auth) before creating a DID or staking (blockchain-did).
  5. KYC → Wallet KYC → Card: MasterPay KYC (kyc-identity) must be approved, then wallet KYC submitted, before card creation (card-management).

Agent Guidance

  • When a user request matches a single skill, delegate directly to that skill.
  • When a request spans multiple skills, follow the dependency chains above and execute skills in order.
  • If the user has not completed a prerequisite (e.g., no account, KYC not approved), guide them through the prerequisite skill first.
  • Each sub-skill contains its own detailed tool definitions, flows, rules, and guidance — always refer to the sub-skill for implementation details.

Installation

To install all AIOT platform skills at once, run:

bash scripts/install.sh

Or install individual skills:

clawhub install aiotnetwork-account-auth

clawhub install aiotnetwork-kyc-identity

clawhub install aiotnetwork-card-management

clawhub install aiotnetwork-payments-banking

clawhub install aiotnetwork-crypto-wallet

clawhub install aiotnetwork-blockchain-did

Comments

Loading comments...