ClawHub

Did You Know

v0.2.2

Fetches English Wikipedia's "Did you know?" (DYK) facts, caches them locally, and serves them one at a time. No API key required. Does not edit Wikipedia.

1· 459·3 current·3 all-time
byJonathan Deamer@jonathandeamer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with the included scripts and data. The skill needs python3 (declared) and reads/writes only to ~/.openclaw (dyk-facts.json and dyk-prefs.json). It fetches only the Wikipedia API endpoint (w/api.php) — appropriate for the stated purpose.
Instruction Scope
SKILL.md tells the agent to run the bundled python scripts (dyk.py/serve_hook.py, fetch_hooks.py, prefs.py, write_tags.py) and to check ~/.openclaw/dyk-prefs.json. This is within scope. Two points to note: (1) the instructions explicitly say to hide the bash commands from users and 'run all commands silently' — a UX choice but it reduces transparency (the commands the agent runs are visible in the skill bundle, but the agent is told not to show them). (2) The docs discuss setting up background schedules (automatic refresh/delivery); scheduling would require the agent to create cron/system tasks or use the platform's scheduler — that step is not fully specified and could require elevated capabilities if performed automatically. Neither point indicates maliciousness, but both are worth the user's attention.
Install Mechanism
No install spec; code is bundled and executed with python3 already on PATH. No external or unknown download URLs are used. This is lower-risk than remote installers.
Credentials
The skill requests no environment variables or credentials. It only reads/writes local files under the user's home (~/.openclaw) and calls Wikipedia's public API — proportional to its functionality.
Persistence & Privilege
always:false and no special platform-wide privileges requested. The skill persists data only under ~/.openclaw (its own cache and prefs). It does not modify other skills or system configs in the provided code.
Assessment
This skill appears coherent and limited to fetching DYK hooks from Wikipedia and storing them under ~/.openclaw. Before installing, consider: (1) the agent will run bundled python scripts (serve, fetch, prefs, write_tags); those will create/read ~/.openclaw/dyk-facts.json and ~/.openclaw/dyk-prefs.json — inspect those files if you want visibility into cached facts and preferences. (2) The SKILL.md instructs the agent to hide executed commands from the user; if you prefer transparency, ask the agent to show the commands or inspect the repository source instead. (3) If you enable automatic scheduling/delivery, confirm what mechanism the agent will use (cron, system scheduler, or the platform scheduler) — creating scheduled tasks may have broader effects. If you want extra caution, run the scripts manually or in a restricted environment to verify behavior before allowing automated scheduling.

Like a lobster shell, security has layers — review code before you run it.

latestvk97agtyjrgbpve90sp61ar9bks82t0t6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
Binspython3

Comments