ClawHub

Nimrobo

v0.17.0

Use the Nimrobo CLI for voice screening and matching network operations.

3· 1.6k·2 current·2 all-time
by@virang-nimrobo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description match the documented commands (voice screening + matching network). However the skill metadata declares no required binaries or env vars while the documentation repeatedly assumes an external nimrobo CLI and an API key stored in ~/.nimrobo/config.json — a minor omission in the metadata rather than a substantive mismatch.
Instruction Scope
SKILL.md and the included docs explicitly instruct running nimrobo CLI commands, using JSON files, and setting context; they do not instruct the agent to read unrelated system secrets or to exfiltrate data to unknown endpoints. Onboarding and login expect an API key to be provided interactively or piped to the CLI.
Install Mechanism
There is no install spec in the skill bundle (instruction-only). The docs point users to npm-based installation, but package names are inconsistent across files (npm install -g nimrobo-cli vs npm install -g @nimrobo/cli). Installing would rely on an npm package from the public registry — verify the package name and publisher before installing.
Credentials
The skill does not request environment variables in metadata, which is consistent with being documentation-only. The docs show the CLI stores an API key in ~/.nimrobo/config.json and uses endpoints like https://app.nimroboai.com/api — expect the CLI to need that API key. There are no requests for unrelated credentials (AWS, GitHub, etc.).
Persistence & Privilege
always:false and normal autonomous invocation settings. The skill is documentation-only and does not request permanent platform-level privileges or modifications to other skills' configurations.
Assessment
This package is an instruction-only skill providing documentation for a third-party CLI. Before installing or running anything: 1) verify the official source (there is no homepage and 'source' is unknown) and confirm the correct npm package name and publisher; 2) be aware the CLI will ask for and store an API key at ~/.nimrobo/config.json — do not provide credentials you are not comfortable storing; 3) inspect the npm package (or its repository) before running npm install -g to ensure there are no unexpected install scripts or postinstall behaviors; 4) when using the CLI, review commands that read local files (e.g., --content-file, -f) before pointing them at sensitive files or piping unknown data; and 5) if you need higher assurance, request a homepage/repo and a signed release or official documentation from the vendor before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk97am6dh2ny3d1g5kzm531e31580ebg0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments