ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Edith Senso Ingest

v1.0.0

Ingest documents into your Senso.ai knowledge base through Edith smart glasses. Triggers when user wants to add content to their knowledge base.

0· 107·0 current·0 all-time
by@samdickson22

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for samdickson22/edith-senso-ingest.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Edith Senso Ingest" (samdickson22/edith-senso-ingest) from ClawHub.
Skill page: https://clawhub.ai/samdickson22/edith-senso-ingest
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install edith-senso-ingest

ClawHub CLI

Package manager switcher

npx clawhub@latest install edith-senso-ingest
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (ingest content into Senso.ai) align with the instructions (POST to senso.ai content endpoint). However, the skill's runtime instructions require a SENSO_API_KEY while the registry metadata declares no required environment variables or primary credential — an inconsistency.
Instruction Scope
SKILL.md gives explicit, bounded instructions: read file contents when a file path is provided and POST text to the Senso API. This stays within the stated purpose. It does instruct the agent to use the exec tool to run curl and to store a user-provided API key into OpenClaw memory/config; both are reasonable for this use case but increase the attack surface (shell execution and secret storage).
Install Mechanism
Instruction-only skill with no install spec or code files — lowest install risk. No downloads or third-party packages are being added by the skill itself.
!
Credentials
SKILL.md clearly requires a SENSO_API_KEY and tells the user to store it as SENSO_API_KEY in OpenClaw's memory/config, but the skill metadata lists no required env vars or primary credential. Requesting an API key is proportionate for the functionality, but the manifest should declare it. Storing secrets in agent memory/config without clear statements about protection or lifecycle (encryption, deletion, scope) is a concern.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent system privileges. Autonomous invocation is allowed (platform default) but not combined with other high-risk indicators here.
What to consider before installing
This skill appears to do what it claims (POST your content to Senso.ai), but the manifest is missing a declared environment variable: SKILL.md requires a SENSO_API_KEY while the registry lists none. Before installing, ask the publisher to: (1) update the manifest to declare SENSO_API_KEY (and mark it as the primary credential), (2) explain how and where the API key will be stored and protected in OpenClaw (encryption, access controls, retention/deletion), and (3) confirm the endpoint domain (sdk.senso.ai) is official. Also consider: provide a scoped API key (minimal permissions), avoid pasting long-lived master keys into the agent until you confirm secure storage, and be cautious when giving file paths — the skill will read files you point it at and send them to the external service.

Like a lobster shell, security has layers — review code before you run it.

latestvk976ejx26k77vktcnqt7n7nmms83rxe4
107downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@samdickson22
latest
Download

Senso Content Ingestion

Ingest documents and content into the user's Senso.ai knowledge base so it becomes searchable through Edith smart glasses.

When to use

Activate this skill when the user wants to add, upload, or ingest content into their knowledge base. Examples:

  • "Add this to my knowledge base..."
  • "Ingest this document..."
  • "Store this information..."
  • "Remember this for later..." (when referring to document-scale content, not short notes)
  • "Upload this to Senso..."
  • "Index this content..."

Do NOT use this skill for simple note-taking or reminders. This is for ingesting substantial content that should be searchable later.

Setup

The user must have a Senso.ai API key configured. If not, tell them:

  1. Sign up at https://senso.ai and create a project
  2. Go to Settings > API Keys and generate a new key
  3. Tell OpenClaw: "My Senso API key is sk-..." and store it for future use

The API key should be stored in OpenClaw's memory/config as SENSO_API_KEY.

How to ingest content

Use the exec tool to call the Senso.ai content ingestion endpoint:

curl -s -X POST "https://sdk.senso.ai/api/v1/content/raw" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: ${SENSO_API_KEY}" \
  -d '{"content": "<text content to ingest>", "metadata": {"title": "<optional title>", "source": "<optional source>"}}'

Ingesting from a file

If the user provides a file path, read it first and then send the content:

curl -s -X POST "https://sdk.senso.ai/api/v1/content/raw" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: ${SENSO_API_KEY}" \
  -d @- <<'BODY'
{
  "content": "<file contents>",
  "metadata": {
    "title": "<filename>",
    "source": "file"
  }
}
BODY

For large files, consider chunking the content into logical sections before ingesting.

Formatting responses for Edith voice output

Edith speaks responses through smart glasses speakers. Keep confirmations brief:

  1. Confirm success simply. Say "Done, I've added that to your knowledge base" or "Got it, that's been indexed."
  2. Mention what was ingested. Say "I've added the return policy document to your knowledge base" so the user knows what happened.
  3. No technical details. Don't mention API responses, document IDs, chunk counts, or byte sizes.
  4. If it fails, be clear. Say what went wrong in plain language.

Example

User: "Hey Edith, add this meeting summary to my knowledge base: We decided to launch the new product line in Q3 and increase the marketing budget by 20 percent."

Good response: "Done, I've added your meeting summary to your knowledge base."

Bad response: "I have successfully ingested 1 document containing 147 characters into your Senso.ai knowledge base. The document ID is doc_abc123 and it was chunked into 1 segment."

Error handling

  • Missing API key: "You haven't set up your Senso knowledge base yet. You'll need a Senso API key. Visit senso.ai to get one, then tell me the key."
  • 401 Unauthorized: "Your Senso API key seems invalid. Please check it and try again."
  • Content too large: Split the content into smaller pieces and ingest each separately. Confirm with "I've added your document in multiple parts to your knowledge base."
  • Network/timeout error: "I couldn't reach your knowledge base right now. Try again in a moment."
  • Empty content: "There's no content to add. Tell me what you'd like to store in your knowledge base."

Comments

Loading comments...