ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lap Ace Provisioning Managementpartner Api

v1.0.0

ACE Provisioning ManagementPartner API skill. Use when working with ACE Provisioning ManagementPartner for providers. Covers 6 endpoints.

0· 78·1 current·1 all-time
by@mickmicksh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description and documented endpoints match an Azure Management API (management.azure.com) and the listed endpoints are consistent with a ManagementPartner API. Requiring a single API key-like env var is plausible for an API client, but the SKILL.md explicitly states 'OAuth2' which normally requires an OAuth client/tenant/etc. The mismatch is likely a packaging/notation issue but should be clarified.
Instruction Scope
SKILL.md contains only API endpoint mappings, basic setup (configure OAuth2), and a verification GET. It does not instruct the agent to read unrelated local files or exfiltrate data. It references a local spec file (references/api-spec.lap) for schemas — normal for an API wrapper.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is downloaded or written to disk by the skill itself.
Credentials
Only one environment variable is required (ACE_PROVISIONING_MANAGEMENTPARTNER_API_KEY), which is proportionate in count. However, the name implies an API key while the instructions say OAuth2; it's unclear whether that env var should contain an OAuth access token, client secret, or something else. This ambiguity matters because different secrets have different privileges and lifetimes.
Persistence & Privilege
always:false and no config paths requested. The skill does not request persistent or elevated platform privileges beyond providing an API credential at runtime.
What to consider before installing
This skill appears to be a simple instruction-only wrapper for the Azure ManagementPartner endpoints, but confirm what ACE_PROVISIONING_MANAGEMENTPARTNER_API_KEY actually represents before installing: is it an OAuth access token, a client secret, or a proprietary API key? OAuth2 typically requires tenant/client IDs and secrets or short-lived access tokens; storing long-lived tenant secrets in a single env var can be risky. If you proceed, supply least-privilege credentials (a service principal limited to only the ManagementPartner actions needed), prefer short-lived access tokens if possible, and rotate/revoke the secret after testing. If you need assurance, ask the publisher to clarify the auth flow and required env vars (tenant ID, client ID, client secret vs. bearer token).

Like a lobster shell, security has layers — review code before you run it.

latestvk970pcensc1t9d5kf5h3q899dd83f962

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvACE_PROVISIONING_MANAGEMENTPARTNER_API_KEY

SKILL.md

ACE Provisioning ManagementPartner API

API version: 2018-02-01

Auth

OAuth2

Base URL

https://management.azure.com

Setup

  1. Configure auth: OAuth2
  2. GET /providers/Microsoft.ManagementPartner/operations -- verify access

Endpoints

6 endpoints across 1 groups. See references/api-spec.lap for full details.

providers

MethodPathDescription
GET/providers/Microsoft.ManagementPartner/partners/{partnerId}Get a specific Partner.
PUT/providers/Microsoft.ManagementPartner/partners/{partnerId}Create a specific Partner.
PATCH/providers/Microsoft.ManagementPartner/partners/{partnerId}Update a specific Partner.
DELETE/providers/Microsoft.ManagementPartner/partners/{partnerId}Delete a specific Partner.
GET/providers/Microsoft.ManagementPartner/operationsGet operations.
GET/providers/Microsoft.ManagementPartner/partnersGet a specific Partner.

Common Questions

Match user requests to endpoints in references/api-spec.lap. Key patterns:

  • "Get partner details?" -> GET /providers/Microsoft.ManagementPartner/partners/{partnerId}
  • "Update a partner?" -> PUT /providers/Microsoft.ManagementPartner/partners/{partnerId}
  • "Partially update a partner?" -> PATCH /providers/Microsoft.ManagementPartner/partners/{partnerId}
  • "Delete a partner?" -> DELETE /providers/Microsoft.ManagementPartner/partners/{partnerId}
  • "List all operations?" -> GET /providers/Microsoft.ManagementPartner/operations
  • "List all partners?" -> GET /providers/Microsoft.ManagementPartner/partners
  • "How to authenticate?" -> See Auth section

Response Tips

  • Check response schemas in references/api-spec.lap for field details
  • Create/update endpoints typically return the created/updated object

CLI

# Update this spec to the latest version
npx @lap-platform/lapsh get ace-provisioning-managementpartner-api -o references/api-spec.lap

# Search for related APIs
npx @lap-platform/lapsh search ace-provisioning-managementpartner-api

References

  • Full spec: See references/api-spec.lap for complete endpoint details, parameter tables, and response schemas

Generated from the official API spec by LAP

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…