ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Fuelwatch

v1.0.0

Build, deploy, and extend the FuelWatch crowdsourced fuel availability tracker for South Africa. Use when working on FuelWatch features, fixing bugs, deployi...

0· 67·1 current·1 all-time
by@stefanferreira

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for stefanferreira/fuelwatch.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Fuelwatch" (stefanferreira/fuelwatch) from ClawHub.
Skill page: https://clawhub.ai/stefanferreira/fuelwatch
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install fuelwatch

ClawHub CLI

Package manager switcher

npx clawhub@latest install fuelwatch
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (build, deploy, extend FuelWatch) aligns with the instructions to edit files, restart the service, and add a backend. However the SKILL.md also references external services (Supabase, Whisper/OpenAI, WhatsApp integration) and a live host at 161.97.110.234:8080 and a personal phone number; those external integrations meaningfully expand the skill's capabilities compared with a simple local-editing helper and are not declared in the registry metadata.
!
Instruction Scope
Instructions assume access to /root/fuelwatch and the ability to run systemctl (view and restart a systemd service). They also describe replacing localStorage with networked DB calls and auto-inserting reports from WhatsApp into a remote Supabase DB. The SKILL.md does not contain explicit steps that read unrelated host files or exfiltrate secrets, but it does instruct actions that require elevated host privileges and network access to external services.
Install Mechanism
This is an instruction-only skill with no install spec or bundled code, which minimizes direct install risk. No downloads or install scripts are present in the manifest.
!
Credentials
The files reference SUPABASE_URL and SUPABASE_ANON_KEY and recommend using Whisper/OpenAI and WhatsApp integrations, but the registry lists no required environment variables or primary credential. That mismatch means the skill will need external credentials at runtime (Supabase keys, OpenAI API key, WhatsApp channel credentials) but does not declare them—this is disproportionate and should be explicit.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills' configs, but it assumes the ability to edit files under /root and control a systemd service. Those are significant system privileges; users should only use this skill in environments where the agent is authorized to perform system administration.
What to consider before installing
This skill reads like developer documentation for a local web app, but it raises several red flags you should clarify before installing or giving it permissions: (1) It assumes direct access to /root/fuelwatch and the ability to run systemctl — only grant that to trusted code or run in an isolated VM/container. (2) Phase 2/3 plans require Supabase keys, an OpenAI/Whisper API key, and a WhatsApp channel; these credentials are not declared in the registry—ask the author which env vars will actually be needed and why. (3) The SKILL.md references an external IP (161.97.110.234) and a personal WhatsApp number; confirm you trust those endpoints and the operator. (4) If you plan to enable the WhatsApp auto-ingest, verify how incoming messages are validated/ratelimited to avoid spam or malicious reports. To improve confidence: request the skill source (homepage or repo), the exact env vars it will use, the systemd service unit content, and whether it will perform any network calls automatically. If you proceed, run it in a sandboxed environment and inspect/backup /root/fuelwatch and the systemd unit before making changes.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f3q2cgfyrxcdmsy6fs7pajx84tsrx
67downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@stefanferreira
latest
Download

FuelWatch — Crowdsourced SA Fuel Tracker

Overview

FuelWatch is a mobile-first web app for tracking diesel/petrol prices and availability at SA fuel stations. Built during the 2026 Iran war / diesel shortage crisis when diesel prices jumped from ~R21 to R28+ and many stations ran dry.

Live URL: http://161.97.110.234:8080
Files: /root/fuelwatch/ (index.html, style.css, app.js)
Service: systemctl status fuelwatch (auto-restarts, survives reboots)

Architecture

  • Pure HTML + vanilla JS + CSS (no build step, no framework)
  • Data in localStorage (prototype — no backend yet)
  • Served by Python HTTP server via systemd

Key Features

  • Station list/cards: name, suburb, fuel type, price/L, availability status
  • Availability: 🟢 Has Fuel / 🟡 Low Stock / 🔴 Out of Stock
  • Reports older than 2 hours flagged ⚠️ Unverified
  • ➕ Report form (no login required)
  • 📤 Share button (native share or clipboard)
  • Search by suburb/station, filter by fuel type, sort by recent/price
  • 8 seed reports pre-loaded (clears if localStorage has data)
  • XSS-safe (user input escaped before render)

Extending the app

See references/backend-plan.md for the planned Supabase backend.

Add a new feature

Edit /root/fuelwatch/app.js for logic, style.css for styling, index.html for structure. No build step — changes are live immediately.

Deploy updates

# Files are served directly — edit and refresh browser
systemctl status fuelwatch   # check service is running
systemctl restart fuelwatch  # if needed

Add real backend (Phase 2)

  • Supabase (free tier): Postgres + REST API + real-time
  • Replace localStorage read/write in app.js with fetch() calls
  • Add Supabase JS client via CDN script tag
  • See references/backend-plan.md

WhatsApp Reporting Channel (Phase 3)

Number: +27822209212 (Stef's spare WhatsApp)

Concept: People send WhatsApp text or voice notes to report fuel availability. OpenClaw receives, parses/transcribes, and submits to FuelWatch DB automatically.

Flow:

  1. User sends: "Shell Edenvale diesel R27.50 has fuel" (or voice note)
  2. OpenClaw parses structured data: station / suburb / fuel type / price / availability
  3. Auto-inserts into Supabase reports table
  4. Web UI updates in real time

Why: Truckers + road users → voice note while driving. Zero friction. No app needed.

Requirements:

  • WhatsApp channel connected to OpenClaw (wacli or WAHA)
  • Supabase backend live (Phase 2 first)
  • NLP parser for free-text reports (can use LLM extraction)
  • Voice transcription: OpenAI Whisper or Groq Whisper

See: references/whatsapp-reporting.md (to be written when building Phase 3)

Marketing plan (when ready to go public)

  • Register domain (fuelwatch.co.za or similar)
  • Deploy to Vercel (free, vercel --prod from /root/fuelwatch)
  • Post to: SA Facebook groups (Arrive Alive, Joburg/CT/DBN community groups, trucker groups)
  • Tweet: #DieselShortage #FuelCrisis #SouthAfrica — tag @ArrivAlive @MyBroadband
  • Comment on IOL/MyBroadband articles about diesel crisis
  • Email MyBroadband/CarMag for coverage ("local tool built in response to crisis")

Competitive context

myTank.co.za — existing competitor. Has price comparison, rewards calc. Missing: availability status, no crowdsourcing, requires account to see prices, no crisis mode.

Our edge: availability (Has Fuel / Low Stock / Out of Stock) is the killer feature — what people actually need during a shortage.

Comments

Loading comments...