ClawHub

Anytype

v1.0.3

Interact with Anytype via anytype-cli and its HTTP API. Use when reading, creating, updating, or searching objects/pages in Anytype spaces; managing spaces;...

2· 476·1 current·1 all-time
byTadas Šubonis@tadas-subonis
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's code and SKILL.md are consistent with the stated purpose (local Anytype HTTP API + anytype-cli). However, the registry metadata does not declare the `anytype` binary as a required binary even though SKILL.md explicitly references it and instructs installing anytype-cli from GitHub. This is a mild mismatch (missing required-binary declaration) but not dangerous by itself.
!
Instruction Scope
SKILL.md instructs creation of bot accounts, starting the local service, creating API keys, and storing the key in ~/.openclaw/workspace/.env. The package also includes SETUP.md that the author explicitly calls "Not for publishing" yet it was published with the skill; SETUP.md contains primary space IDs, invite IDs, hashes and object IDs which could be sensitive or link to private content. The runtime instructions also include a destructive workflow (DELETE + recreate) to update content — that is documented and warned about, but it's destructive and callers must be careful.
Install Mechanism
There is no install spec (instruction-only with a small helper script). No external downloads or archive extraction are automated by the skill. SKILL.md suggests installing anytype-cli from GitHub, but that is a manual step and not executed by the skill itself.
Credentials
The skill only requires a single credential, ANYTYPE_API_KEY, which is appropriate for accessing the Anytype API. A caution: SKILL.md and the helper script advise storing the key in plaintext at ~/.openclaw/workspace/.env — this is convenient but increases risk of local exposure. The helper script reads only ANYTYPE_API_KEY and no other env vars.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide agent settings, and does not attempt to persist beyond its own workspace file. It does instruct the user to write the API key into the workspace .env (user action), which is within scope but should be considered a local secret-storage decision.
What to consider before installing
This skill is generally coherent with its description (it calls the local Anytype HTTP API and includes a small helper script). Before installing: (1) Inspect SETUP.md — it contains space IDs, invite IDs, and hashes marked "Not for publishing"; remove or sanitize that file if you don't want those identifiers exposed. (2) Prefer using your platform's secret/vault features rather than echoing the API key into ~/.openclaw/workspace/.env (storing API keys in plaintext risks local exposure). (3) Ensure you actually have or want the anytype CLI/service running on 127.0.0.1:31012; the helper calls that local endpoint. (4) Be careful with the documented DELETE+recreate update pattern — it's destructive; back up content before using. If you want to proceed, consider removing instance-specific data from the published package and storing the API key in a secure secret store.

Like a lobster shell, security has layers — review code before you run it.

latestvk9799q59xaafh4j1cq0cx0cpzh82bhdd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvANYTYPE_API_KEY
Primary envANYTYPE_API_KEY

Comments