ClawHub

Flowsery

v1.0.0

Query web analytics data from Flowsery Analytics — a privacy-first, cookie-free alternative to Google Analytics. Retrieve real-time visitors, time series, br...

0· 5·0 current·0 all-time
byTaras Shynkarenko@tarasshyn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the declared requirements: the skill only needs FLOWSERY_API_KEY and its SKILL.md shows authenticated requests to analytics.flowsery.com endpoints (overview, timeseries, realtime, breakdowns, visitors, goals, payments). The requested credential is appropriate for an analytics integration.
Instruction Scope
Instructions are limited to calling the Flowsery API endpoints using the bearer token. They reference the Flowsery tracking cookie (_fs_vid) for visitor-specific actions, which is expected. However, the documented API includes write/delete endpoints (POST /goals, POST /payments, DELETE /goals, DELETE /payments) — so the API key grants the ability to create and delete records, not just read data. That capability is coherent with an admin/api key but is potentially destructive if misused.
Install Mechanism
This is an instruction-only skill (no install spec, no code files to execute). No downloads, packages, or binaries are requested or installed.
Credentials
Only FLOWSERY_API_KEY is required, which is proportional to the stated functionality. Important: the key appears to be a full API key (used for read and write operations per the docs). Make sure you provide a minimally-permissioned key if the service supports scoped/read-only keys, because possession of this key could allow data posting or deletion.
Persistence & Privilege
The skill does not request always:true or any persistent system-wide modifications. It follows the platform defaults (user-invocable, agent-autonomous invocation allowed).
Assessment
This skill is internally consistent with its purpose: it only needs your Flowsery API key and instructs the agent to call Flowsery's documented API endpoints. Before installing: (1) verify the skill's provenance (source/owner) against Flowsery's official integrations or docs if possible, since the registry source is unknown; (2) avoid pasting your API key into chat — set it as an environment variable and use the platform's secret storage if available; (3) prefer a least-privilege or read-only API key if Flowsery supports scoped tokens, because the documented endpoints include destructive operations (POST/DELETE) that can modify or remove analytics data; (4) monitor and rotate the key regularly and restrict its usage (IP or project scopes) when possible; (5) if you plan to allow autonomous agent invocation, be aware the agent could call write/delete endpoints using the key — restrict autonomy or permissions accordingly.

Like a lobster shell, security has layers — review code before you run it.

latestvk977fvcgnnb1acyypy3wxhp15984ansv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis
EnvFLOWSERY_API_KEY
Primary envFLOWSERY_API_KEY

Comments