ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Neta Community

Neta API community skill — browse interactive feeds, view collection details, like and interact with content, and browse content by tags and characters in a...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 28 · 0 current installs · 0 all-time installs
byHu Xiuhan@huxiuhan
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims to be an instruction-only community browsing/interaction skill, which fits the described commands, but the SKILL.md requires a NETA_TOKEN and a neta-cli/@talesofai npm package. The registry metadata lists no required env vars, no required binaries, and no install spec — this mismatch (undisclosed credential and installation) is not proportionate to what the metadata claims.
Instruction Scope
The runtime instructions are focused on feed browsing, tag/character queries, and interactions using neta-cli. They advise installing a CLI package, setting NETA_TOKEN, caching JSON to local paths (e.g., character_cache/ , /tmp/), and using tools like jq and DEBUG logs. The actions are within the stated purpose, but instruct creating local files and installing global npm packages; those operational details should have been declared in metadata.
!
Install Mechanism
There is no formal install spec in the registry, yet SKILL.md instructs installing @talesofai/neta-skills globally via npm or pnpm. Installing an unvetted global npm package is a moderate risk (packages execute code on install and at runtime). The absence of a declared install step in metadata reduces transparency and trust.
!
Credentials
SKILL.md requires a NETA_TOKEN environment variable, but the registry declares no required env vars or primary credential. Requesting an API token is plausible for this skill, but not disclosing it in metadata is a proportionality and transparency concern. No other credentials are requested.
Persistence & Privilege
The skill is not always-on, does not request system-wide config paths, and does not declare privileged persistence. It does recommend writing cache files under local directories, which is normal for CLI usage.
What to consider before installing
What to consider before installing/using this skill: - Inconsistency: The SKILL.md says you must set NETA_TOKEN and install a global npm package (@talesofai/neta-skills), but the skill registry metadata does not declare any required env vars or installs. Ask the skill author/maintainer to update the metadata to declare NETA_TOKEN and an explicit install spec. - Verify the npm package provenance: check the @talesofai/neta-skills package page and its source repo (GitHub) to confirm the publisher, readme, and any reviews; inspect package contents before installing (don't blindly npm i -g). Prefer installing in a contained environment (container or VM) first. - Least privilege: If you provide a NETA_TOKEN, ensure it has minimal scope and can be rotated. Do not reuse broader tokens (e.g., platform-wide credentials) for this skill. - Global installs: The instructions recommend global npm/pnpm installs. Global packages run code on install and at runtime; prefer local installs or isolated environments if possible. - Local files: The skill suggests caching API responses to local directories (character_cache, research/). Review where data is stored and ensure you’re comfortable with those files being written. - If you cannot verify the package or the author, treat the skill as untrusted. Request that the author add required env vars and an install spec to the registry and provide links to the CLI repo/source before proceeding. Given these inconsistencies, proceed with caution or in a sandbox until the metadata and provenance are clarified.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.0
Download zip
latestvk97bdvb6eh9zan4pfdq4km84d583323q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Neta Community Skill

Used to interact with the Neta API for community feed browsing, interactions, and tag‑based queries.

Instructions

  1. For tasks like “see what’s in the community”, “scroll the feed”, or “like or interact with works”, use this skill as follows:
  2. Recommended flow:
    • Use the feed command to fetch a list of recommended content.
    • Use the collection‑detail command to inspect a specific work.
    • Perform likes and other interactions on works as needed.
  3. If the user needs systematic research or complex filtering by categories/keywords, switch to neta-suggest.
  4. If the user wants to create new content (images/videos/songs/MVs), switch to neta-creative.

Prerequisites

Make sure the NETA_TOKEN environment variable is set.

Install the latest version of the Neta CLI:

neta-cli --version
0.8.0

npm i @talesofai/neta-skills@latest -g

pnpm add -g @talesofai/neta-skills@latest

Commands

Feed

Get interactive feed

neta-cli request_interactive_feed --page_index 0 --page_size 3

Get collection details

neta-cli read_collection --uuid "collection-uuid"

📖 Detailed guide

Community interactions

neta-cli like_collection --uuid "target collection UUID"

📖 Detailed guide

Tag queries

Get tag info

neta-cli get_hashtag_info --hashtag "tag_name"

📖 Detailed guide — research flow and analysis methods.

Get characters under a tag

neta-cli get_hashtag_characters --hashtag "tag_name" --sort_by "hot"

Get collections under a tag

neta-cli get_hashtag_collections --hashtag "tag_name"

Character queries

Search characters

neta-cli search_character_or_elementum --keywords "keywords" --parent_type "character" --sort_scheme "exact"
``]

📖 [Detailed guide](./references/character-search.md) — search strategies and parameter choices.

**Get character details**

```bash
neta-cli request_character_or_elementum --name "character_name"

Query by UUID

neta-cli request_character_or_elementum --uuid "uuid"

Reference docs

ScenarioDoc
🎮 Interactive feedinteractive-feed.md
💬 Community interactionssocial-interactive.md
🏷️ Tag researchhashtag-research.md
👤 Character queriescharacter-search.md

Usage tips

  1. Browse before interacting: use the feed first to understand the overall content landscape, then interact (like, etc.) with the works that matter.
  2. Leverage tags: combining tag queries with character searches quickly focuses on the most relevant set of works.
  3. Combine with research/creation skills: use neta-suggest for deeper tag/category research, and neta-creative when you want to create derivative works based on community content.

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…