ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lap Advisormanagementclient

v1.0.0

AdvisorManagementClient API skill. Use when working with AdvisorManagementClient for providers, subscriptions, {resourceUri}. Covers 15 endpoints.

0· 100·1 current·1 all-time
by@mickmicksh

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mickmicksh/lap-advisormanagementclient.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Lap Advisormanagementclient" (mickmicksh/lap-advisormanagementclient) from ClawHub.
Skill page: https://clawhub.ai/mickmicksh/lap-advisormanagementclient
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: ADVISORMANAGEMENTCLIENT_API_KEY
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install lap-advisormanagementclient

ClawHub CLI

Package manager switcher

npx clawhub@latest install lap-advisormanagementclient
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description, base URL (management.azure.com), and listed endpoints align with Azure Advisor/AdvisorManagementClient and the claimed 15 endpoints — purpose is plausible and coherent with the endpoints provided.
!
Instruction Scope
SKILL.md explicitly requires configuring OAuth2 for auth and shows Azure management endpoints, which is appropriate, but it also references running 'npx @lap-platform/lapsh' in the CLI section (which will fetch code at runtime). The doc does not declare required binaries or explain the OAuth2 flow (tenant/client-id/secret or token exchange). The instructions are vague about how the agent should obtain and use credentials and implicitly encourage running external npx commands.
Install Mechanism
There is no install spec and no code files — lowest-risk form. However, instructions reference npx which would fetch a package on demand; that is not part of an install spec and should be noted by the user.
!
Credentials
The skill declares a single required env var ADVISORMANAGEMENTCLIENT_API_KEY, but the SKILL.md states OAuth2 auth (Azure typically requires OAuth2 tokens / service principal credentials: tenant, client id, client secret, or an access token). Requiring a single 'API_KEY' is inconsistent with OAuth2 and with typical Azure management auth, and no primary credential is declared. This mismatch could lead to users exposing inappropriate credentials or misconfiguring auth.
Persistence & Privilege
always is false and the skill is instruction-only with no install — it does not request permanent presence or elevated platform privileges.
What to consider before installing
Proceed with caution. The skill appears to target Azure Advisor endpoints, but the publisher is unknown and the auth instructions are inconsistent: SKILL.md says use OAuth2 (Azure AD / service principal flow), yet the declared required env var is ADVISORMANAGEMENTCLIENT_API_KEY. Before installing, ask the publisher to clarify the exact authentication method and the precise environment variables needed (tenant ID, client ID, client secret or a short-lived OAuth token are typical for Azure). Do not supply broad Azure credentials until you confirm the minimum required permissions (use a least-privilege service principal scoped to Advisor). Note that the README suggests running 'npx ...' (which will download code at runtime) — ensure you trust that package and that the agent's environment allows such network installs. If you cannot verify the source or correct credential requirements, treat this skill as risky and avoid installing it.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

EnvADVISORMANAGEMENTCLIENT_API_KEY
latestvk97ern71h8b72hqnx7jsjnkr4s83wfhs
100downloads
0stars
1versions
Updated 4w ago
v1.0.0
MIT-0
@mickmicksh
latest
Download

AdvisorManagementClient

API version: 2017-04-19

Auth

OAuth2

Base URL

https://management.azure.com

Setup

  1. Configure auth: OAuth2
  2. GET /providers/Microsoft.Advisor/metadata -- verify access
  3. POST /subscriptions/{subscriptionId}/providers/Microsoft.Advisor/generateRecommendations -- create first generateRecommendations

Endpoints

15 endpoints across 3 groups. See references/api-spec.lap for full details.

providers

MethodPathDescription
GET/providers/Microsoft.Advisor/metadata/{name}Gets the metadata entity.
GET/providers/Microsoft.Advisor/metadataGets the list of metadata entities.
GET/providers/Microsoft.Advisor/operationsLists all the available Advisor REST API operations.

subscriptions

MethodPathDescription
GET/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/configurationsRetrieve Azure Advisor configurations.
PUT/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/configurationsCreate/Overwrite Azure Advisor configuration.
GET/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Advisor/configurationsRetrieve Azure Advisor configurations.
PUT/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Advisor/configurationsCreate/Overwrite Azure Advisor configuration.
POST/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/generateRecommendationsInitiates the recommendation generation or computation process for a subscription. This operation is asynchronous. The generated recommendations are stored in a cache in the Advisor service.
GET/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/generateRecommendations/{operationId}Retrieves the status of the recommendation computation or generation process. Invoke this API after calling the generation recommendation. The URI of this API is returned in the Location field of the response header.
GET/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/recommendationsObtains cached recommendations for a subscription. The recommendations are generated or computed by invoking generateRecommendations.
GET/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/suppressionsRetrieves the list of snoozed or dismissed suppressions for a subscription. The snoozed or dismissed attribute of a recommendation is referred to as a suppression.

{resourceUri}

MethodPathDescription
GET/{resourceUri}/providers/Microsoft.Advisor/recommendations/{recommendationId}Obtains details of a cached recommendation.
GET/{resourceUri}/providers/Microsoft.Advisor/recommendations/{recommendationId}/suppressions/{name}Obtains the details of a suppression.
PUT/{resourceUri}/providers/Microsoft.Advisor/recommendations/{recommendationId}/suppressions/{name}Enables the snoozed or dismissed attribute of a recommendation. The snoozed or dismissed attribute is referred to as a suppression. Use this API to create or update the snoozed or dismissed status of a recommendation.
DELETE/{resourceUri}/providers/Microsoft.Advisor/recommendations/{recommendationId}/suppressions/{name}Enables the activation of a snoozed or dismissed recommendation. The snoozed or dismissed attribute of a recommendation is referred to as a suppression.

Common Questions

Match user requests to endpoints in references/api-spec.lap. Key patterns:

  • "Get metadata details?" -> GET /providers/Microsoft.Advisor/metadata/{name}
  • "List all metadata?" -> GET /providers/Microsoft.Advisor/metadata
  • "List all configurations?" -> GET /subscriptions/{subscriptionId}/providers/Microsoft.Advisor/configurations
  • "List all configurations?" -> GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Advisor/configurations
  • "Create a generateRecommendation?" -> POST /subscriptions/{subscriptionId}/providers/Microsoft.Advisor/generateRecommendations
  • "Get generateRecommendation details?" -> GET /subscriptions/{subscriptionId}/providers/Microsoft.Advisor/generateRecommendations/{operationId}
  • "List all recommendations?" -> GET /subscriptions/{subscriptionId}/providers/Microsoft.Advisor/recommendations
  • "List all operations?" -> GET /providers/Microsoft.Advisor/operations
  • "Get recommendation details?" -> GET /{resourceUri}/providers/Microsoft.Advisor/recommendations/{recommendationId}
  • "Get suppression details?" -> GET /{resourceUri}/providers/Microsoft.Advisor/recommendations/{recommendationId}/suppressions/{name}
  • "Update a suppression?" -> PUT /{resourceUri}/providers/Microsoft.Advisor/recommendations/{recommendationId}/suppressions/{name}
  • "Delete a suppression?" -> DELETE /{resourceUri}/providers/Microsoft.Advisor/recommendations/{recommendationId}/suppressions/{name}
  • "List all suppressions?" -> GET /subscriptions/{subscriptionId}/providers/Microsoft.Advisor/suppressions
  • "How to authenticate?" -> See Auth section

Response Tips

  • Check response schemas in references/api-spec.lap for field details
  • Create/update endpoints typically return the created/updated object

CLI

# Update this spec to the latest version
npx @lap-platform/lapsh get advisormanagementclient -o references/api-spec.lap

# Search for related APIs
npx @lap-platform/lapsh search advisormanagementclient

References

  • Full spec: See references/api-spec.lap for complete endpoint details, parameter tables, and response schemas

Generated from the official API spec by LAP

Comments

Loading comments...