ClawHub

List Files

v1.0.0

List all files uploaded by this API key. Returns URL and creation timestamp, ordered newest first.

0· 4·0 current·0 all-time
byRishabh Dugar@rishabhdugar
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (list files uploaded by an API key) align with the SKILL.md and skill.json. The skill requires no unrelated binaries, env vars, or config paths.
Instruction Scope
Runtime instructions are narrowly scoped to a single HTTP GET to the pdfapihub.com API using the CLIENT-API-KEY header. The SKILL.md does not instruct the agent to read local files, other environment variables, or transmit data to third-party endpoints beyond the documented API.
Install Mechanism
No install spec and no code files — instruction-only. Nothing is downloaded or written to disk by the skill package itself.
Credentials
The skill declares no required environment variables or primary credential. It requires the user's API key at runtime to operate, which is proportionate to the stated purpose. Users should confirm the API key's scope/permissions before use.
Persistence & Privilege
always:false and no evidence of the skill attempting to persist configuration or modify other skills. Autonomous invocation is allowed (platform default) but not combined with elevated privileges.
Assessment
This skill is coherent with its stated purpose: it simply lists files associated with a provided API key at pdfapihub.com. Before using it: 1) Verify pdfapihub.com and its documentation to ensure you trust the service. 2) Use an API key with least privilege (read-only / listing scope) where possible. 3) Be aware that returned file URLs (S3 links) may be publicly accessible; do not paste sensitive API keys into untrusted UIs. 4) If you do not want the agent to call this API autonomously, disable model invocation or only call the skill manually.

Like a lobster shell, security has layers — review code before you run it.

latestvk97efe19z0cw1yxxq477j1fy39852dsz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments