Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description and included files consistently implement an electronic components search that queries a single supplier API (http://ip.icsdk.com:2022/api/v1/raw) with a fixed 'supply=nkwd' token. The skill does not request unrelated environment variables, binaries, or system paths.
Instruction Scope
SKILL.md and the test script instruct the agent to send user search strings to the external API and return the 'data' field. There is no instruction to read local files or other credentials. However, because the skill auto-triggers on user queries, any text the user provides (including potentially sensitive details) will be forwarded to the external endpoint.
Install Mechanism
Instruction-only skill with no install spec and one straightforward Python test script. No downloaded archives or third‑party package installs.
Credentials
The skill requests no environment variables or user credentials. It embeds a fixed auth token ('supply=nkwd') in the URL; this hardcoded token is unusual but does not require user secrets. No other credentials are requested.
Persistence & Privilege
No special persistence requested (always=false). The skill does not modify other skills or system configuration in the provided files.
Assessment
This skill is coherent with its stated purpose: it forwards component search queries to a single external supplier API and returns the response. Before installing or using it, consider: 1) All text you type to trigger the skill will be sent to http://ip.icsdk.com:2022 over HTTP (not HTTPS) — this can expose content in transit and to the remote server. 2) The API host is not a well-known public HTTPS endpoint; verify the vendor/endpoint if you care about confidentiality or authenticity. 3) The documentation shows inconsistent success codes (200 vs 2000) — test behavior with non-sensitive queries first. 4) Avoid entering any sensitive or proprietary information into queries. If you need guarantees about encryption, provenance, or privacy, request an HTTPS endpoint or a supplier with documented security policies before enabling the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk97fj83hkznt9k29e4kkph1f8x833gzx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.