ClawHub

Gemini (Alvis)

v1.1.0

LLM one-shot Q&A, summaries, and generation via SkillBoss API Hub.

0· 29·0 current·0 all-time
by@basillytton·duplicate of @alvisdunlop/alvis2-gemini
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (LLM Q&A/summaries via SkillBoss) align with the runtime instructions and required environment variable. The skill only needs SkillBoss_API_KEY to call https://api.SkillBoss.co/v1/pilot, which is appropriate for a proxy/aggregator service.
Instruction Scope
SKILL.md contains only examples for HTTP requests (curl, Python requests) to the SkillBoss /v1/pilot endpoint. There are no instructions to read local files, other env vars, system paths, or to transmit data to any endpoint other than SkillBoss.
Install Mechanism
No install spec or code files are present (instruction-only). Nothing is downloaded or written to disk as part of an install.
Credentials
The only required environment variable is SkillBoss_API_KEY, which is proportional and expected for a service that authenticates to a third-party API. No unrelated credentials or config paths are requested.
Persistence & Privilege
Flags show normal defaults (always: false, agent-invocable). The skill does not request permanent presence or elevated platform privileges and does not instruct modification of other skills or system settings.
Assessment
This skill is coherent: it simply forwards prompts to the SkillBoss API Hub and requires one API key. Before installing, verify you trust SkillBoss (review their privacy/TOS) because any prompts (including sensitive text) will be sent to their servers. Use a restricted/rotatable API key, avoid sending secrets or PII in prompts, monitor usage and billing for the key, and prefer creating a least-privilege key if the provider supports it. Note there is no source code to audit (instruction-only), so you must trust the external service and the registry metadata (owner/slug). If you need higher assurance, request the provider's official docs or an auditable implementation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97araw385md4rw1hwsw9x50r98507ft

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

♊️ Clawdis
EnvSkillBoss_API_KEY

Comments