ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

InfoDashboard

v1.0.0

Guided SOP for setting up and using InfoDashboard from OpenClaw. Use when the user wants to clone the InfoDashboard repo, configure database and LLM keys, st...

1· 98·0 current·0 all-time
by@zyxapple98

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zyxapple98/infodashboard.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "InfoDashboard" (zyxapple98/infodashboard) from ClawHub.
Skill page: https://clawhub.ai/zyxapple98/infodashboard
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install infodashboard

ClawHub CLI

Package manager switcher

npx clawhub@latest install infodashboard
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (guided setup and use of InfoDashboard) matches the instructions: cloning a GitHub repo, configuring .env.local with LLM and DB info, installing Python deps, and running the server. No unrelated env vars, binaries, or installs are requested by the skill itself.
Instruction Scope
SKILL.md and referenced docs limit actions to repository checkout detection/cloning, editing .env.local (user-driven), dependency install, running the server, and submitting generation requests to the local service. The skill explicitly forbids requesting secrets in chat and requires confirmation before state changes. It does read optional local config (~/.openclaw/openclaw.json) and filesystem state (repo path, repo cleanliness), which is expected for a setup SOP.
Install Mechanism
This is an instruction-only skill with no install spec and no code files executed by the platform. All commands run are local shell commands the user is to confirm — lowest install risk from the skill bundle itself.
Credentials
The skill does not request credentials in chat, but it directs the user to create/modify .env.local containing LLM provider keys and SQL Server credentials (including SOCKS5 proxy settings). These secrets are necessary for the described InfoDashboard functionality, but they grant access to internal databases and LLM providers so the user must supply them locally and verify trust in the third-party repo.
Persistence & Privilege
always is false and the skill is user-invocable; it may read an optional ~/.openclaw/openclaw.json for defaults but does not request permanent platform privileges or modify other skills' configs. The ability to run autonomously (model invocation allowed) is the platform default and not a special privilege here.
Assessment
This skill is internally consistent with its stated purpose, but before using it: 1) Inspect the InfoDashboard repository (https://github.com/AInsteinAsia/InfoDashboard) yourself before running any code; 2) Do not paste API keys or DB passwords into chat — the skill explicitly forbids that and asks you to edit .env.local locally; 3) Be aware running the server will attempt to start an frp SOCKS5 tunnel (tools/frpc*), which can connect to remote infrastructure once you provide frpc config — verify those binaries and the frpc config (tools/frpc-visitor.ini) before running; 4) Confirm Docker, Python, and other prerequisites are present and that you trust the external LLM provider you configure; and 5) If you want higher assurance, review main.py and any networking code in the repo to confirm it doesn't exfiltrate data beyond the intended LLM/database calls.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🏭 Clawdis
latestvk970v3078pzb25sah3gd60evf183x6pn
98downloads
1stars
1versions
Updated 4w ago
v1.0.0
MIT-0
@zyxapple98
latest
Download

InfoDashboard Skill

Use this as a guided, confirmation-heavy SOP. Do not compress the whole setup into one reply and do not perform state-changing actions without explicit user confirmation.

Core Rules

  • Move one phase at a time.
  • Before any state-changing action, ask for confirmation.
  • If local state already exists, show what you found and ask whether to keep it.
  • InfoDashboard generation uses server-side provider config, not the OpenClaw agent's own model or API key.
  • This skill must not rely on any request-time model or provider overrides.
  • Only server-side config files (.env.local) may control LLM provider selection.
  • Do not ask the user to paste API keys or database passwords into chat.
  • Prefer guiding the user to edit .env.local themselves.
  • Do not offer to write secrets into config files on the user's behalf.
  • Once setup is complete and the user clearly asks to generate a dashboard, do not ask for a second confirmation before submitting the generation request.

Optional Skill Config

If present, read defaults from ~/.openclaw/openclaw.json under:

{
  "skills": {
    "entries": {
      "infodashboard": {
        "enabled": true,
        "config": {
          "repoDir": "/path/to/InfoDashboard",
          "url": "http://localhost:8001"
        }
      }
    }
  }
}

Use repoDir and url only as defaults. Still confirm before acting.

SOP Phases

1. Clone Or Reuse Existing Repo

Load references/clone.md.

Establish which InfoDashboard checkout to use. If a checkout already exists, show the path and ask whether to reuse it.

2. Configure Environment

Load references/config.md.

Configure .env.local with LLM provider keys and database connection details. This includes verifying that Docker and the frpc SOCKS5 tunnel are in place.

3. Start And Verify

Load references/startup.md.

Start the FastAPI server and confirm it is healthy at GET {url}/.

4. Generate A Dashboard

Load references/generate-flow.md.

Submit the user's natural-language requirement and follow the SSE stream until a dashboard URL is returned.

Response Style

  • Keep each step short and explicit.
  • Prefer 2-3 concrete options when the user must choose.
  • Always include the recommended option first and explain why in one sentence.
  • After a step completes, say what changed and what the next confirmation is for.
  • When returning a dashboard URL, place the raw absolute URL on its own line with no bold, markdown link syntax, code formatting, or tables.

Comments

Loading comments...