1p.io Shortlink API
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly a normal short-link integration, but it tells the agent to automatically send any long URL to 1p.io without clear user approval or safeguards for private links.
Review this skill before installing. It may be useful for shortening links, but configure or use it so the agent asks before shortening, especially for private documents, internal systems, presigned downloads, password-reset links, or any URL containing tokens or personal data.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A private document link, password-reset link, presigned download URL, internal URL, or URL containing tokens could be sent to 1p.io before the user sees it.
This directs the agent to automatically transmit arbitrary long URLs to the 1p.io service, rather than only shortening links the user explicitly selected.
Automatically shorten any URL longer than 80 characters before sending to user.
Only shorten URLs when the user explicitly asks, and do not shorten URLs that contain secrets, authentication tokens, private file access, internal hosts, or other sensitive data.
If authorized, the agent may be able to view organization short links, delete them, submit or vote on feature requests, and update feature status if granted edit permission.
The skill uses a provider API key and can access or mutate organization-scoped resources when authorized. This is disclosed and related to the service, but it is broader than simple link creation.
Returns api_key immediately... Lists all short links in your organization... Deletes a short link... Update feature status (requires "Can edit" permission)
Grant the minimum needed 1p.io permissions, avoid enabling edit/delete access unless required, and require explicit user confirmation before deleting links or changing feature status.