ClawHub

1p.io Shortlink API

v1.0.0

Create short URLs and submit feature requests using 1p.io. Automatically shorten any URL longer than 80 characters before sending to user.

0· 775·3 current·3 all-time
by@tuanpmt
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (shorten links and submit feature requests) match the SKILL.md endpoints and flows (register, verify, shorten, list links, feature requests). There are no unrelated environment variables or binaries requested.
Instruction Scope
Instructions stay within the stated purpose (register/verify, create/list/delete shortlinks, submit/vote on features). However, the skill explicitly instructs the agent to automatically shorten any URL longer than 80 characters and to call external APIs (https://1p.io). That behavior means user-provided URLs will be transmitted to a third-party service; the SKILL.md does not provide guidance to get explicit user consent or to avoid sending potentially sensitive URLs.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill does not request environment variables up front. Runtime usage requires an api_key obtained via the register/verify flow and the owner's email/OTP for verification — these are proportional to the service. The SKILL.md lacks guidance on secure storage/rotation of the api_key once issued.
Persistence & Privilege
always is false and there is no installation or background persistence requested. The skill does not ask to modify other skills or system settings.
Assessment
This skill appears coherent for a link-shortening and feature-request tool, but before enabling it you should: 1) confirm the legitimacy and privacy policy of 1p.io (no homepage is provided in the metadata); 2) be aware that the skill will send any URL >80 characters to an external service — avoid shortening sensitive URLs (private tokens, internal links, PII) without explicit consent; 3) understand the registration flow: it uses an owner email and an OTP to issue an api_key — plan how that api_key will be stored and revoked; 4) test with non-sensitive links first and verify rate limits and org scoping; and 5) if you require stronger assurance, ask the publisher for a homepage, documentation, or source code so you can verify the service and endpoints.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cdxr7cpwyget1cdvf6gxbv181ga6r

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments