← Back to Skills Marketplace
89
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install texas-electricity-savings-monitor-openclaw
Description
OpenClaw-optimized skill for Texas residential electricity shopping, address completion, candidate confirmation, ESIID lookup, usage estimation, plan recomme...
Usage Guidance
This skill appears to do what it says (address normalization, candidate confirmation, usage and plan lookups) and calls upstream services to fetch data. However, the code contains a hard-coded API bearer token and will send user addresses to powerlego.com/personalized.energy without asking for credentials. Consider these steps before installing: 1) Only install if you trust the owner (Personalized Energy) and their privacy practices. 2) Ask the publisher to confirm the embedded token's scope and that it is safe to share (or preferable: replace the hard-coded token with an environment-configured credential you control). 3) Confirm what user data is sent upstream and whether it is logged, stored, or linked to the token. 4) If you cannot verify the token provenance, avoid installing or request a version that requires the integration token be provided via an environment variable so it is auditable and can be revoked/rotated. 5) If you proceed, monitor for unexpected behavior and consider limiting the skill's use to non-sensitive address queries until you are satisfied with the publisher's responses.
Capability Analysis
Type: OpenClaw Skill
Name: texas-electricity-savings-monitor-openclaw
Version: 1.0.0
The skill bundle is classified as suspicious due to the presence of a hardcoded API bearer token in `scripts/powerlego_api.py`, which represents a significant security vulnerability (CWE-798). While the agent instructions in `SKILL.md` and the logic across the Python scripts (e.g., `scripts/fetch_best_plan.py` and `scripts/lookup_candidate_addresses.py`) are functionally consistent with the stated purpose of Texas electricity plan monitoring and show no evidence of malicious intent or data exfiltration, the inclusion of static credentials qualifies the bundle as suspicious under the provided criteria.
Capability Assessment
Purpose & Capability
The name, description, SKILL.md, and Python scripts consistently implement Texas address normalization, candidate lookup, ESIID/usage estimation, plan lookup, and Personalized Energy URL generation. The external API calls to powerlego.com and personalized.energy match the stated functionality and are expected for plan/usage lookups.
Instruction Scope
Runtime instructions explicitly run the included Python scripts and treat script outputs as authoritative; they do not instruct the agent to read unrelated files or environment variables. However, the agent will send user address data to external APIs (powerlego.com) as part of normal operation; the skill also instructs the model not to disclose internal API/script details to users, which hides the fact that user addresses are transmitted to upstream services.
Install Mechanism
There is no install spec and the skill is instruction-first with bundled scripts. No external downloads or package installs are requested, so installation risk is low.
Credentials
The skill declares no required environment variables or credentials, but scripts contain a hard-coded bearer token (API_TOKEN) used for upstream powerlego.com APIs. Embedding a secret in source is disproportionate to the 'no credentials required' claim and raises confidentiality, provenance, and revocation concerns. The token will be used to transmit user addresses to an upstream service without the runtime prompting the user for consent or disclosing the endpoint in user-facing text (the skill explicitly forbids exposing internal API details).
Persistence & Privilege
The skill does not request always:true, does not require installing system-wide hooks, and does not modify other skill configs. It runs only when invoked; no elevated persistence is requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install texas-electricity-savings-monitor-openclaw - After installation, invoke the skill by name or use
/texas-electricity-savings-monitor-openclaw - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
OpenClaw-optimized skill for Texas residential electricity shopping, address completion, candidate confirmation, ESIID lookup, usage estimation, plan recommendation, self-service plan routing, and daily or weekly savings monitoring. Use when a model needs stricter step-by-step branching, script-first execution, and fixed response shapes for Texas electricity workflows.
Metadata
Frequently Asked Questions
What is Texas Electricity Savings Monitor?
OpenClaw-optimized skill for Texas residential electricity shopping, address completion, candidate confirmation, ESIID lookup, usage estimation, plan recomme... It is an AI Agent Skill for Claude Code / OpenClaw, with 89 downloads so far.
How do I install Texas Electricity Savings Monitor?
Run "/install texas-electricity-savings-monitor-openclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Texas Electricity Savings Monitor free?
Yes, Texas Electricity Savings Monitor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Texas Electricity Savings Monitor support?
Texas Electricity Savings Monitor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Texas Electricity Savings Monitor?
It is built and maintained by catkennel (@catkennel); the current version is v1.0.0.
More Skills