ClawHub

IDFM Journey (PRIM/Navitia)

v0.1.0

Query Île-de-France Mobilités (IDFM) PRIM/Navitia for place resolution, journey planning, and disruptions/incident checks. Use when asked to find routes in Île-de-France (e.g., "itinéraire de X à Y"), resolve station/stop ids, or check RER/metro line disruptions, and you have an IDFM PRIM API key.

1· 1.4k·0 current·0 all-time
by@anthonymq·duplicate of @anthonymq/idfm-journey-skill
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included script and reference doc. The only credential referenced (IDFM_PRIM_API_KEY) is exactly what the PRIM/Navitia API requires, and the script calls the documented Navitia endpoints.
Instruction Scope
SKILL.md only instructs setting IDFM_PRIM_API_KEY and running the bundled Python script to call /places, /journeys, and /disruptions. The script does not read unrelated files, other env vars, or send data to unexpected external endpoints (default base URL is the official PRIM domain).
Install Mechanism
There is no install spec (instruction-only with a small bundled script). No downloads or archive extraction are performed; the script uses only the Python standard library.
Credentials
Only one environment variable is required (IDFM_PRIM_API_KEY), which is necessary and proportionate for authenticating to the IDFM PRIM API. No unrelated secrets or config paths are requested.
Persistence & Privilege
Skill does not request permanent presence (always: false) and does not modify other skills or system-wide settings. It runs on demand and relies on the environment-provided API key.
Assessment
This skill appears to do exactly what it says: call Île‑de‑France PRIM/Navitia endpoints using your IDFM_PRIM_API_KEY. If you plan to install it: (1) only provide your IDFM API key if you trust the skill; the key is required to use the API. (2) Review the small script (it's pure Python, standard library) yourself if you can — it is readable and uses the documented PRIM base URL. (3) Be cautious if you or the agent override --base-url to an untrusted host, since that could send your API key elsewhere. Rotate the key if you suspect it was exposed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fbv1qefk2rbk8g00k6c9g5h80kd9t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments