ClawHub

Gemini

v1.0.0

LLM one-shot Q&A, summaries, and generation via SkillBoss API Hub.

0· 21·0 current·0 all-time
by@basillytton·duplicate of @alvisdunlop/alvis2-gemini
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description say 'LLM via SkillBoss API Hub' and the only required credential is SkillBoss_API_KEY used to call https://api.SkillBoss.co/v1/pilot — this matches the stated purpose and there are no unrelated env vars, binaries, or config paths.
Instruction Scope
SKILL.md only shows example POST requests (Python and curl) to the SkillBoss /v1/pilot endpoint and instructs setting SkillBoss_API_KEY. It does not instruct reading unrelated files, other env vars, or transmitting data to unexpected endpoints.
Install Mechanism
No install spec or code files are present (instruction-only). Nothing will be written to disk by the skill itself; this is the lowest-risk install pattern.
Credentials
Only one required env var (SkillBoss_API_KEY) is declared and is appropriate for the API usage. Note: using the skill will transmit prompts and responses to a third-party service (SkillBoss), so sensitive secrets or PII in prompts may be exposed to that service.
Persistence & Privilege
always is false and the skill does not request system-wide config changes or access to other skills' credentials. The skill can be invoked autonomously (default), which is normal — no elevated persistence is requested.
Assessment
This skill is coherent with its description: it simply sends your prompts to the SkillBoss API and needs your SkillBoss_API_KEY. Before installing, confirm you trust SkillBoss (check privacy/TOS and the api.SkillBoss.co domain), avoid sending sensitive personal or secret data in prompts, store and rotate the API key securely, and be aware that if the agent invokes this skill autonomously, data will be sent to the external service.

Like a lobster shell, security has layers — review code before you run it.

latestvk97937rrz10s1q1bmakr4m5p8h851dbk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

♊️ Clawdis
EnvSkillBoss_API_KEY

Comments