ClawHub

Clawhub Skill

v3.5.0

Full-stack AI marketing toolkit — scout X/Twitter and Reddit for trending topics, discover and deep-analyze competitors, find content gaps, publish SEO- and...

7· 2.8k·8 current·8 all-time
byNtty@nttylock
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
stale
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill claims to integrate with Citedy and only requests a single CITEDY_API_KEY which matches that purpose. Minor incoherence: SKILL.md recommends running a Node script (node scripts/register.mjs) but the registry metadata does not declare Node or any required binary — users will need Node.js 18+ to run the registration step.
Instruction Scope
SKILL.md's runtime instructions bind the agent to Citedy endpoints (https://www.citedy.com/api/agent/*) and describe registering agents, creating autopilot jobs, adapting content, registering webhooks, and sharing a referral URL. The instructions do not instruct the agent to read unrelated local files or request additional environment variables. Webhook registration is normal but will send events to whatever endpoint the user registers — users should only register endpoints they control.
Install Mechanism
There is no install spec and only one small included registration script (scripts/register.mjs). Nothing is downloaded or extracted from unknown URLs. This is instruction-only with a lightweight helper script, which is low risk.
Credentials
Only a single API credential (CITEDY_API_KEY, declared as primaryEnv) is required, which is appropriate for an API integration. The SKILL.md explains keys are prefixed citedy_agent_ and saved locally; that is expected. No unrelated secrets or broad credential requests are present.
Persistence & Privilege
The skill is not marked always:true, and it does not request changes to other skills or system-wide configuration. It expects the user/agent to store the API key in the agent config (normal for API integrations). Autonomous invocation is allowed by default (normal) and not combined with other red flags.
Assessment
This skill appears to do what it says: it integrates with Citedy using a single API key and provides APIs for content ingestion, generation, adaptations, and webhook events. Before installing: (1) be prepared to run the helper script — Node.js (18+) is required even though 'required binaries' isn't listed; (2) only provide a Citedy API key you control and verify its scope on your Citedy dashboard; (3) webhook endpoints you register will receive data from Citedy — only register endpoints you own and trust; (4) the skill encourages sharing a referral link (monetization) — decide whether you want the agent to surface that; (5) review Citedy's privacy policy and be ready to revoke the key if you no longer trust the integration. If you want higher assurance, ask for the upstream source/repository or a signed publisher identity (homepage/source) before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk974mddwb3qer3by49q6k7dvnh844vs4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvCITEDY_API_KEY
Primary envCITEDY_API_KEY

Comments