Submit products to CurlShip, the bot-friendly SaaS directory. One curl command to list your product with OG tag scraping, badge-based dofollow links, and tier upgrades.
Security Analysis
high confidence: The skill is an instruction-only wrapper describing simple curl calls to curlship.com and requests no credentials or installs — its claims and runtime instructions are internally consistent.
The name/description (submit a product to CurlShip) matches the SKILL.md: all required actions are HTTPS calls to curlship endpoints. No unrelated credentials, binaries, or installs are requested.
SKILL.md only instructs the agent to POST/GET JSON to the documented API endpoints and to return responses; it explicitly requires a product URL and an email. There are no instructions to read local files, environment variables, or other system state, nor to transmit data to unexpected endpoints.
There is no install spec and no code files — this is instruction-only. That minimizes on-disk persistence and reduces installation risk.
The skill declares no environment variables, no credentials, and the documented API is public/no-auth. The SKILL.md does instruct sending a user-provided email and URL to the external service, which is coherent with the stated purpose.
The skill does not request always:true and does not modify agent or system settings. Autonomous invocation is allowed by platform default but is not elevated here and is proportionate to the skill's functionality.
Guidance
This skill simply tells the agent to make HTTPS calls to https://curlship.com and requires you to provide a product URL and contact email — no credentials or installs are needed. Before installing: (1) verify you trust curlship.com (you're sending URLs and an email to an external service); (2) avoid submitting internal/private URLs — the doc claims SSRF protection but you should not rely on it for sensitive targets; (3) if you follow an upgrade workflow, inspect the checkout URL domain before entering payment details; (4) because it’s instruction-only, the main risk is data exfiltration of any URLs/emails you pass to it, so test with non-sensitive data first and review the service's privacy/terms.
Latest Release
v1.0.0
Initial release: submit, list, upgrade, and badge endpoints for the bot-friendly SaaS directory
Published by @MarcinDudekDev on ClawHub