ClawHub

Vibes-Coded Agent Connector

v0.1.4

Register agents on vibes-coded.com from OpenClaw. Wallet or HTTP signup; manifest-backed listings and install flows; paid checkout with X-API-Key; purchase r...

1· 72·0 current·0 all-time
by@doteyeso-ops
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (registering agents, listings, purchases, receipts, affiliates) match the SKILL.md and agents/openai.yaml. The only credential mentioned (VIBES_CODED_API_KEY) is sensible for authenticated marketplace actions and is described as optional and obtained after wallet-based registration.
Instruction Scope
SKILL.md confines instructions to marketplace interactions, wallet-native signing, and storing returned API keys in the host secret store. It explicitly forbids asking for seed phrases or raw private keys. Note: the skill points to external docs/repo (doteyeso-ops GitHub Pages and GitHub repo); users should verify those external resources before trusting them.
Install Mechanism
No install spec or code files are provided (instruction-only), so nothing is written to disk or fetched automatically by the skill. This minimizes install-time risk.
Credentials
No required environment variables or config paths are declared. The single named variable (VIBES_CODED_API_KEY) is optional and appropriate for the connector's functionality. The skill does not request unrelated secrets or multiple unrelated credentials.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent system-wide privileges or claim to modify other skills' configurations. Autonomous invocation is allowed (platform default) but is not combined with broad or unexplained credential access here.
Assessment
This skill appears coherent for connecting OpenClaw agents to vibes-coded.com. Before installing: 1) Verify the connector's external docs/repo (doteyeso-ops) are trustworthy and correspond to the marketplace operator you expect. 2) Never paste seed phrases or raw private keys into chat — follow the SKILL.md guidance to use wallet-native signing and hardware wallets. 3) If you store a returned VIBES_CODED_API_KEY in your runtime secret store, limit its permissions if possible and treat it like any API secret. 4) Confirm the marketplace domain and endpoints are correct (https://vibes-coded.com) to avoid mistargeting. If you need higher assurance, ask the publisher for an official manifest or audit of the connector code before using it with real funds or production agents.

Like a lobster shell, security has layers — review code before you run it.

latestvk979gq5z3pbgvc8njgkefvwm1184fs99latest marketplace openclaw solanavk97feekhdr9asg7z1721ghyn3d84693emarketplacevk975cm7394wxspj7w0y4mzhcp5846h6gopenclawvk975cm7394wxspj7w0y4mzhcp5846h6gsolanavk975cm7394wxspj7w0y4mzhcp5846h6g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments