ClawHub

NS Trains

v1.1.0

Check Dutch train schedules, departures, disruptions, and plan journeys using the NS API. Perfect for daily commute checks.

1· 1.8k·0 current·0 all-time
by@eggressive
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual behavior: all scripts query NS endpoints (journeys, departures, arrivals, disruptions, stations). The only required binary is node and the only required secret is NS_SUBSCRIPTION_KEY — both are appropriate for calling the NS API.
Instruction Scope
SKILL.md instructs setting NS_SUBSCRIPTION_KEY and running the included node scripts. The scripts only read env vars (subscription key, optional commute stations), call NS API endpoints, and print results. They do not read unrelated files, leak data to external hosts, or execute arbitrary shell commands.
Install Mechanism
There is no install spec (instruction-only), but the skill includes runnable JS files. No external downloads or package installs are performed by the skill. Note: scripts rely on Node's built-in fetch (works on modern Node versions); the SKILL.md only requires 'node' but does not specify a minimum Node version.
Credentials
Only NS_SUBSCRIPTION_KEY (and backward-compatible NS_API_KEY) are required, plus optional NS_HOME_STATION / NS_WORK_STATION for convenience. These variables are appropriate and minimal for the stated API interactions.
Persistence & Privilege
Skill does not request persistent/system-wide privileges, does not set always:true, and does not modify other skills or system configuration. Autonomous invocation (model can call it) is the platform default and is not excessive here.
Assessment
This skill appears to be what it says: it queries the official NS API and only needs your NS subscription key. Before installing, consider: (1) Keep NS_SUBSCRIPTION_KEY secret — inject it via your runtime secret manager rather than committing it. (2) The included ns-api.mjs enforces HTTPS and an allowlist (gateway.apiportal.ns.nl) and sets the Ocp-Apim-Subscription-Key header — you can review that file yourself (it's included) to confirm no other hosts are contacted. (3) Ensure your environment has a compatible Node version (modern Node provides global fetch). (4) Because the code runs locally, only grant the subscription key if you trust this skill source; if you obtain the key elsewhere (or rotate it), revoke it from the NS API portal if you suspect exposure. Overall the package is internally consistent and minimal for its purpose.

Like a lobster shell, security has layers — review code before you run it.

apivk979kx5k2ps93cadfz0bevej2d8086nkcommutevk979kx5k2ps93cadfz0bevej2d8086nklatestvk9713enkqn74b6hy8rkd75nxwd80mqcdnetherlandsvk979kx5k2ps93cadfz0bevej2d8086nktrainsvk979kx5k2ps93cadfz0bevej2d8086nktransportvk979kx5k2ps93cadfz0bevej2d8086nk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🚆 Clawdis
Binsnode
EnvNS_SUBSCRIPTION_KEY
Primary envNS_SUBSCRIPTION_KEY

Comments