ClawHub

copy-paste.cloud

v1.0.0

Read and create pastes on copy-paste.cloud. Fetch recent public pastes, retrieve a paste by ID, or publish new content via the public API.

0· 0·0 current·0 all-time
by@orti99
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (copy-paste.cloud pastebin operations) align with what the skill does: three scripts call api.copy-paste.cloud to list recent pastes, fetch a paste, and create a paste. Required credential (COPYPASTE_API_KEY) and required binaries (curl, jq) are appropriate for those tasks.
Instruction Scope
Runtime instructions limit activity to API calls to api.copy-paste.cloud and do not read unrelated system files or credentials. Minor inconsistency: scripts/get_paste.sh uses python3 for URL-encoding when a password is provided, but SKILL.md/metadata do not list python3 as a required binary (README mentions python3). Also README and SKILL.md differ slightly about when the API key is required (get_paste.sh supports public pastes without a key). These are implementation/documentation mismatches, not evidence of malicious behavior.
Install Mechanism
Instruction-only skill with small included shell scripts; no external downloads or archive extraction. No install steps that write or execute remote arbitrary code.
Credentials
Only COPYPASTE_API_KEY is required (declared as primaryEnv). The key is used only as a Bearer token sent to api.copy-paste.cloud. No other credentials or unrelated environment variables are requested.
Persistence & Privilege
The skill is not forced-always, does not request persistent system-wide changes, and doesn't modify other skills' config. Model invocation/autonomous use is enabled by default but is not combined with broad credentials or elevated privileges here.
Assessment
This skill appears to do exactly what it says: call api.copy-paste.cloud to list, fetch, and create pastes. Before installing, verify the following: (1) Only grant COPYPASTE_API_KEY if you trust copy-paste.cloud — the key and any paste content you send will go to that service. (2) If you may fetch password-protected pastes, ensure python3 is available (get_paste.sh URL-encodes passwords via python3); consider adding python3 to the declared required binaries. (3) Check the API key's permissions and revoke it if exposed. (4) Be aware that created pastes (unless marked private) are stored on the remote server; do not paste secrets unless you intend them to be stored/visible. The inconsistencies are minor documentation/metadata issues rather than functional or malicious problems.

Like a lobster shell, security has layers — review code before you run it.

latestvk978s79c2t3vzsmv01xtmwyv1984ab3t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binscurl, jq
EnvCOPYPASTE_API_KEY
Primary envCOPYPASTE_API_KEY

Comments