ClawHub

Signup Lead

v1.0.0

Create a signup lead in AgenticCreed by submitting contact and personal details via their public HTTP API endpoint.

0· 938·2 current·2 all-time
by@waqas-orcalo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md and SKILL.yaml consistently describe creating a signup lead by POSTing lead fields to https://gateway.agenticcreed.ai/signup-leads with an x-api-key header. That matches the stated purpose. However, the registry metadata earlier listed 'Required env vars: none' while the skill clearly expects AGENTICCREED_API_KEY — an incoherence between declared requirements and the instruction files.
Instruction Scope
Runtime instructions only describe sending the provided lead fields (email, name, address, DOB, phone, etc.) to the external HTTP endpoint and require an API key. The instructions do not ask the agent to read unrelated files, credentials, or system state. Important note: the skill transmits sensitive personal data (PII) to a third‑party endpoint, so data‑handling and retention are relevant concerns.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so it does not download or install binaries. That minimizes code‑injection risks.
!
Credentials
Requesting a single service API key (AGENTICCREED_API_KEY) is proportionate to the task. The concern is that the registry metadata did not list this required environment variable while both SKILL.md and SKILL.yaml explicitly require it (x-api-key: {{env.AGENTICCREED_API_KEY}}). This mismatch could lead to confusion or accidental exposure if users are not warned. Also, the API key will authorize sending PII to a remote service — you should confirm the key's scope and lifecycle.
Persistence & Privilege
The skill does not request persistent/always-on privileges (always:false) and does not modify other skills or system configuration. It uses normal autonomous invocation defaults only.
What to consider before installing
Before installing: 1) Verify the external endpoint (https://gateway.agenticcreed.ai) and the skill author are trustworthy — the homepage and owner metadata provide little context. 2) The skill sends personal data (address, DOB, phone) to a third party; confirm that you are allowed to share this data and understand retention/policy. 3) Provide an API key with least privilege and short lifetime; store AGENTICCREED_API_KEY securely. 4) Note the registry omitted the required env var — be sure the platform will supply AGENTICCREED_API_KEY and that you are not accidentally exposing other credentials. 5) If DOB or other sensitive fields are not necessary, avoid sending them. If you need higher assurance, request additional provenance (official docs, ownership, or TLS certificate checks) from the skill publisher before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk973a64jvyn18nwvn8xr5zgq0x80ye65

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments