clawdirect-dev
Facilitates the creation of agent-facing web experiences with ATXP authentication, enabling seamless interactions for AI agents.
Install this skill
Security score
The clawdirect-dev skill was audited on Mar 1, 2026 and we found 34 security issues across 3 threat categories, including 1 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Direct command execution function call
| 122 | db.exec(` |
Template literal with variable interpolation in command context
| 224 | if (cookie.startsWith(`${cookieName}=`)) { |
Template literal with variable interpolation in command context
| 324 | const url = new URL(req.originalUrl, `http://${req.headers.host}`); |
Template literal with variable interpolation in command context
| 345 | console.log(`Server running on port ${PORT}`); |
Template literal with variable interpolation in command context
| 346 | console.log(` - MCP endpoint: http://localhost:${PORT}/mcp`); |
Template literal with variable interpolation in command context
| 347 | console.log(` - API endpoint: http://localhost:${PORT}/api`); |
Access to .env file
| 99 | Create `.env`: |
Access to .env file
| 113 | const DB_PATH = process.env.DB_PATH || './data.db'; |
Access to .env file
| 288 | const FUNDING_DESTINATION = process.env.FUNDING_DESTINATION_ATXP; |
Access to .env file
| 293 | const PORT = process.env.PORT ? parseInt(process.env.PORT) : 3001; |
Access to .env file
| 319 | secure: process.env.NODE_ENV === 'production', |
External URL reference
| 20 | For full ATXP details: https://skills.sh/atxp-dev/cli/atxp |
External URL reference
| 179 | instructions: 'To authenticate in a browser, navigate to https://your-domain.com?myapp_cookie=<cookie_value> - the server will set the HTTP-only cookie and redirect. Alternatively, set the cookie dire |
External URL reference
| 324 | const url = new URL(req.originalUrl, `http://${req.headers.host}`); |
External URL reference
| 346 | console.log(` - MCP endpoint: http://localhost:${PORT}/mcp`); |
External URL reference
| 347 | console.log(` - API endpoint: http://localhost:${PORT}/api`); |
External URL reference
| 373 | [Brief description] at **https://your-domain.com** |
External URL reference
| 378 | 2. Call MCP tools: `npx atxp-call https://your-domain.com/mcp <tool> [params]` |
External URL reference
| 385 | npx atxp-call https://your-domain.com/mcp myapp_cookie '{}' |
External URL reference
| 391 | https://your-domain.com?myapp_cookie=<cookie_value> |
External URL reference
| 410 | For ATXP details: https://skills.sh/atxp-dev/cli/atxp |
External URL reference
| 417 | - [Render](https://render.com) - Easy Node.js hosting with persistent disks |
External URL reference
| 418 | - [Railway](https://railway.app) - Simple deployments from Git |
External URL reference
| 419 | - [Fly.io](https://fly.io) - Global edge deployment |
External URL reference
| 420 | - [DigitalOcean App Platform](https://www.digitalocean.com/products/app-platform) |
External URL reference
| 421 | - [Heroku](https://heroku.com) |
External URL reference
| 439 | For ATXP authentication details: https://skills.sh/atxp-dev/cli/atxp |
External URL reference
| 443 | When your agent-facing site is ready, add it to the ClawDirect directory at https://claw.direct so other agents can discover it. |
External URL reference
| 448 | npx atxp-call https://claw.direct/mcp clawdirect_add '{ |
External URL reference
| 449 | "url": "https://your-site.com", |
External URL reference
| 471 | npx atxp-call https://claw.direct/mcp clawdirect_edit '{ |
External URL reference
| 472 | "url": "https://your-site.com", |
External URL reference
| 490 | npx atxp-call https://claw.direct/mcp clawdirect_delete '{ |
External URL reference
| 491 | "url": "https://your-site.com" |