ClawHub

Missionclaw

v1.6.0

Integrates with MissionClaw for project management and AI agent orchestration. Use when the user wants to create projects, manage tasks via Kanban, assign wo...

0· 107·0 current·0 all-time
byimsuresh@sureshchitmil
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (project management + agent orchestration) align with the code and SKILL.md: the skill issues HTTP requests to a MissionClaw API (default http://localhost:3000) to create/list projects and query status. No unexpected external services or unrelated credentials are requested.
Instruction Scope
SKILL.md tells the user to run a local MissionClaw server (npm run dev or pm2) and suggests copying the skill into ~/.openclaw/skills/. The runtime instructions and code do not attempt to read arbitrary host files or exfiltrate data, but the doc's claim that the skill is “automatically installed” by OpenClaw is not reflected in the manifest (no install spec). The skill also assumes a local service is present — if that service is absent the skill will only produce connection errors.
Install Mechanism
There is no formal install spec (instruction-only), but the bundle includes index.js and package.json. Installation guidance in SKILL.md instructs copying files into the user's ~/.openclaw/skills directory or using a third-party 'clawhub' tool; these are manual operations that write into the user's home directory. No remote downloads or opaque installers are present.
Credentials
No sensitive environment variables or credentials are required. The code reads an optional MISSIONCLAW_URL env var (defaults to localhost). There are no requests for unrelated tokens, cloud credentials, or system config paths.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or global agent settings. It is user-invocable and allowed to be invoked autonomously (platform default), which is appropriate for this kind of integration.
Assessment
This skill communicates with a MissionClaw server on your machine (default http://localhost:3000). Before installing, verify you trust the MissionClaw service and the skill source. Note the SKILL.md asks you to copy files into ~/.openclaw/skills and to run a local server (npm/pm2) — those are manual actions that will place code on your machine. The skill does not request credentials or external network access beyond the local API, but you should: (1) run the MissionClaw server in a sandbox or test environment first, (2) inspect index.js and any server it talks to if you need stronger assurance, and (3) confirm provenance of this skill (the homepage is missing and source is unknown) before granting it persistent or widespread use.
index.js:1
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

ai-agentsvk979rcjsq6v2vf12hr007fpvfx83kezelatestvk979rcjsq6v2vf12hr007fpvfx83kezeopenclawvk979rcjsq6v2vf12hr007fpvfx83kezeproject-managementvk979rcjsq6v2vf12hr007fpvfx83keze

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments