ClawHub

Blocket Watcher - Sweden

v1.0.0

Poll Swedish Blocket.se via the blocket CLI on a schedule, dedupe listings by ad id, and send new matches to Telegram with openclaw message send — no LLM on...

0· 14·0 current·0 all-time
by@x3r081
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with required binaries and included scripts: poll.py/onboard.py call the `blocket` CLI to fetch results and `openclaw message send` to notify Telegram. No unrelated services, credentials, or binaries are requested.
Instruction Scope
Runtime instructions and scripts operate only on local config.json and seen.json in the skill folder, invoke the `blocket` and `openclaw` CLIs, and optionally read the non-sensitive env var BLOCKET_WATCH_DRY_RUN for dry-run behavior. The SKILL.md and code do not transmit data to unexpected external endpoints beyond those two CLIs. They do assume `openclaw` is already authenticated (so OpenClaw-managed credentials will be used when sending messages).
Install Mechanism
No install spec is provided (instruction-only install). The skill is distributed as source scripts that the user copies; nothing is downloaded or executed from an arbitrary URL by the skill itself.
Credentials
The skill declares no required environment variables and requires only the `blocket` and `openclaw` binaries. It does rely on OpenClaw being configured (so OpenClaw's channel tokens/credentials are used to send Telegram messages), which is expected and proportionate. The skill does use a non-sensitive runtime env var (BLOCKET_WATCH_DRY_RUN) not declared in metadata; this is for user dry-runs only and not a credential.
Persistence & Privilege
The skill is not marked always:true and does not request elevated privileges. It writes a local seen.json to persist seen ad IDs and will be started via a systemd user timer if the user installs that; it does not modify other skills or system-wide agent configs.
Assessment
This skill appears to do exactly what it claims: run the `blocket` CLI on a schedule, dedupe by ad id, and send messages via `openclaw message send`. Before installing: 1) Ensure you install `blocket` and `openclaw` from trusted sources and that OpenClaw is authenticated only with the channels/accounts you intend to use. 2) Do not commit config.json or seen.json (these contain your Telegram chat id and tracked ids). 3) Edit the systemd service WorkingDirectory/ExecStart to the absolute path you choose. 4) Run a dry-run first (BLOCKET_WATCH_DRY_RUN=1 ./poll.sh) to validate behavior. 5) Review permissions on the script directory so seen.json is only writable by your user. If you want stronger guarantees, inspect the binaries `blocket` and `openclaw` on your system to confirm they are official and behave as expected.

Like a lobster shell, security has layers — review code before you run it.

latestvk978yw0t3dxym1nmen092crsen84qq9a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

OSLinux
Binsblocket, openclaw

Comments