CEORater

The name/description advertise CEO analytics via the CEORater API and the skill only requires a single CEORATER_API_KEY to call api.ceorater.com endpoints. No unrelated services, binaries, or config paths are requested.

SKILL.md instructs the agent to call documented API endpoints (GET /v1/ceo, /v1/search, /v1/ceos, /v1/meta) and to use the CEORATER_API_KEY. The helper script calls only the api.ceorater.com domain, sanitizes input, URL-encodes queries, and enforces simple validation. There are no instructions to read unrelated files, system credentials, or send data to unexpected endpoints.

This is instruction-only (no installer). The repo contains a small helper shell script; there is no network-download install step or use of third-party package registries. Risk from installation is low.

Only one environment variable (CEORATER_API_KEY) is required and it directly maps to the service being integrated. README notes an alternate config key in openclaw.json (apiKey) which is consistent with storing credentials locally; no other secrets or unrelated credentials are requested.

The skill is not always-enabled (always:false) and registry shows disable-model-invocation:true (model cannot autonomously invoke it), limiting autonomous access. The skill does not request changes to other skills or system-wide config beyond optional local API-key configuration.