ClawHub

Bricklink

v1.4.2

BrickLink Store API helper/CLI (OAuth 1.0 request signing). Covers orders, store inventory (read + write), catalog, categories, colors, feedback, and push no...

1· 2.4k·2 current·2 all-time
byOliver Drobnik@odrobnik
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (BrickLink CLI, OAuth 1.0 signing, store/inventory/orders) align with the included Python script and the required OAuth env vars. The required binaries (python3) and four OAuth env vars are exactly what a BrickLink API helper needs.
Instruction Scope
Runtime instructions stay on-task (calling BrickLink store APIs, rendering HTML, reading a local config or environment variables). The CLI can read a workspace config file (workspace/bricklink/config.json) or environment variables; references include a notes file about parsing a downloaded consumer-registration HTML file (a helper to extract OAuth secrets). That behavior (parsing a local HTML file) is expected for convenience but means the CLI may read a local file you point it at — only supply files you trust.
Install Mechanism
Instruction-only skill (no external installer). Code is included in the repository as Python scripts; no downloads or remote installers are invoked by the skill metadata.
Credentials
The four required environment variables are the OAuth consumer and token secrets expected for BrickLink API access. The scripts also consult benign environment variables for workspace detection (BRICKLINK_WORKSPACE / OPENCLAW_WORKSPACE / PWD / TMPDIR) but do not request unrelated credentials.
Persistence & Privilege
The skill is not marked always:true and is user-invocable. It does not request persistent/system-wide privileges or modify other skills; autonomous invocation (disable-model-invocation=false) is the platform default and not in itself a problem.
Assessment
This skill appears coherent with its BrickLink CLI purpose. Before installing: (1) Only provide your BrickLink OAuth consumer key/secret and token value/secret (do not supply unrelated credentials). (2) Be aware the tool will look for a config file in your workspace (workspace/bricklink/config.json) or use environment variables — verify which path it will read and keep secrets in a safe place. (3) The repo contains a helper/README that mentions parsing a downloaded HTML consumer-registration file; if you use that option, only point it at files you trust (it will read local content to extract secrets). (4) The script contacts api.bricklink.com and img.bricklink.com (expected). If you need stronger assurance, review the full scripts/bricklink.py before use or run the CLI in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk973dds4qxb95537kz4qdc7qq1826jzd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧱 Clawdis
Binspython3
EnvBRICKLINK_CONSUMER_KEY, BRICKLINK_CONSUMER_SECRET, BRICKLINK_TOKEN_VALUE, BRICKLINK_TOKEN_SECRET

Comments