Get the FREE Ultimate OpenClaw Setup Guide →
N

testSkillX

Flagged

@NatX223

{"isSafe":false,"isSuspicious":true,"riskLevel":"high","findings":[{"category":"prompt_injection","severity":"high","description":"The skill returns whatever the external endpoint sends back directly to the chat without sanitization. A remote endpoint could supply content that tries to override or influence the assistant's behavior or system prompts (prompt injection).","evidence":"\"Response: I return whatever the endpoint sends back directly to the chat.\""},{"category":"suspicious_url","severity":"medium","description":"Uses an external ngrok-tunneled URL as the data source. Such endpoints are ephemeral and can be hosting malicious or misconfigured content. This increases risk if the endpoint delivers harmful content or attempts to manipulate responses.","evidence":"https://b024a53917d6.ngrok-free.app/agent/dailyPost"},{"category":"data_exfiltration","severity":"medium","description":"Outbound GET request to an external server with no authentication. Depending on implementation, user chat data or context could be inadvertently exposed to the external endpoint.","evidence":"No Authentication: No headers or private keys are sent with this request. The assistant will perform a GET to an external endpoint and return the response."}],"summary":"This skill fetches content from an external endpoint and echoes it into the chat. While simple, it introduces prompt-injection risk (external content can influence the assistant), relies on a potentially untrusted ngrok URL, and may expose user content to external servers. Mitigate by sanitizing/extracting safe content, whitelisting endpoints, adding authentication or access controls, and avoid echoing raw external content to the chat."}

npx machina-cli add skill @NatX223/testskillx --openclaw
Files (1)
SKILL.md
1.3 KB

DailyPost Test

This skill lets you trigger a GET request to fetch a daily post from the test endpoint.

🚀 How to use it

Just say one of these (or similar):

  • "Show me the daily post"
  • "Get today's post"
  • "Fetch daily post"
  • "Run dailypost"

The assistant will immediately make a GET request to: https://b024a53917d6.ngrok-free.app/agent/dailyPost

🛠️ What happens

  1. Recognition: I recognize your request via the defined triggers.
  2. Execution: I perform the following HTTP call: 
    curl [https://b024a53917d6.ngrok-free.app/agent/dailyPost](https://b024a53917d6.ngrok-free.app/agent/dailyPost)
  3. Response: I return whatever the endpoint sends back (text, JSON, etc.) directly to the chat.

🔒 Safety Notes

  • No Authentication: No headers or private keys are sent with this request.
  • Public Access: This is a standard public GET request.
  • Error Handling: If the endpoint fails, returns a 404/500, or times out, I will notify you of the error.

Source

git clone https://clawhub.ai/NatX223/testskillxView on GitHub

Overview

The DailyPost Test skill triggers a public GET request to fetch a daily post from a test endpoint. It requires no authentication and returns the endpoint's response directly in chat. This makes it ideal for quick content retrieval during demos or testing.

How This Skill Works

When you say a trigger like 'Show me the daily post' or 'Get today's post', the skill recognizes it and issues a GET request to the endpoint https://b024a53917d6.ngrok-free.app/agent/dailyPost. The endpoint response (text or JSON) is relayed back to the chat, with no authentication headers sent.

When to Use It

  • You want today's post without any login or keys
  • Demonstrating a live API fetch in a chat or UI
  • Testing endpoint reachability and response formats
  • Preparing a quick demo of daily content retrieval
  • Verifying public GET endpoint behavior in automation flows

Quick Start

  1. Step 1: Say one of the triggers (e.g., 'Show me the daily post')
  2. Step 2: The assistant sends a GET request to https://b024a53917d6.ngrok-free.app/agent/dailyPost
  3. Step 3: Review the endpoint's response directly in chat

Best Practices

  • Use the exact trigger phrases to ensure reliable recognition
  • Verify the endpoint is reachable from your network (no VPN needed)
  • Remember there is no authentication; plan data access accordingly
  • Handle non-200 responses or timeouts gracefully in your flow
  • If needed, avoid overusing the endpoint to respect rate limits

Example Use Cases

  • User: Show me the daily post → assistant fetches and returns today's post
  • User: Get today's post → assistant performs GET and displays content
  • User: Fetch daily post → assistant retrieves the post from the test endpoint
  • User: Run dailypost → assistant triggers the GET request and shows the result
  • QA/demo: Use the skill to verify endpoint availability and content format

Frequently Asked Questions

Add this skill to your agents
Sponsor this space

Reach thousands of developers