ClawHub

skill-feedback-collector

v1.0.2

Human-in-the-loop MCP feedback collector with task queue. Pauses to collect human input via browser UI before continuing. Use when completing tasks, encounte...

0· 218·1 current·1 all-time
byLIU@2019-02-18
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (human-in-the-loop feedback collector) align with the files, exported tools, and required binaries (node/npm). Dependencies (@modelcontextprotocol/sdk, ws) are appropriate for an MCP server and WebSocket UI.
Instruction Scope
SKILL.md instructs the agent to call ask_human_feedback and set_feedback_mode only. The runtime code exposes HTTP/WebSocket endpoints, serves a browser UI, persists local conversation history, and supports auto-dequeue of queued tasks — all documented. Notable operational behavior: the server responds to auto-dequeued tasks (autoMode) which can cause the agent to continue working without manual confirmation, and the UI/API use long-polling fallback. These behaviors are expected but important to understand.
Install Mechanism
Install is via npm package 'skill-feedback-collector' (package.json / package-lock.json present). This is a standard registry install (moderate risk compared to no-install), and the code is included in the package here for review. No opaque remote downloads or URL-based extracts were observed.
Credentials
No secrets are required by default; only FEEDBACK_PORT and optional FEEDBACK_TOKEN are referenced. However FEEDBACK_TOKEN defaults to empty, and CORS is '*' — so by default the UI/API are publicly accessible if the port is reachable. Requesting no unrelated credentials is proportionate.
Persistence & Privilege
always:false and no special platform privileges requested. The skill writes feedback-history.json into its directory and persists up to 500 entries (documented and gitignored). This local persistence is expected but means sensitive conversation content may be stored on disk and should be managed.
Assessment
This skill appears to do what it says: run a local MCP server that pauses the agent and asks for human feedback via a browser UI. Before installing or deploying, consider: 1) Run it in a network-isolated environment (or bind to localhost) if you don't want external access. By default the server/CORS allow public access and FEEDBACK_TOKEN is empty — set FEEDBACK_TOKEN and/or use a firewall to restrict access. 2) Conversation history is saved locally (feedback-history.json) — treat it as sensitive and rotate or delete as needed. 3) Auto-mode (autoMode) can auto-dequeue tasks and let the agent continue without manual confirmation — be aware if you rely on strict human approval. 4) The package is installed from npm; review the published package/source and confirm the package owner/trust before running in production. 5) If you have low tolerance for risk, run the skill in a sandboxed container or on a private host and review src/index.ts (provided) and any transitive dependencies before enabling in a public-facing environment.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

💬 Clawdis
OSLinux · macOS · Windows
Any binnode, npm

Install

npm install && npm run buildnpm i -g skill-feedback-collector
latestvk97b2b9ahqw63gc2t5rk4cm1wd82v82g
218downloads
0stars
3versions
Updated 1mo ago
v1.0.2
MIT-0
Linux, macOS, Windows
LIU@2019-02-18
latest
Download

Skill Feedback Collector

Pause the agent and wait for human feedback via a browser-based UI connected through WebSocket. Includes a task queue for batch execution of pre-loaded tasks.

When to Use

  • After completing a task, to let the user verify the result
  • When encountering uncertain parameters (colors, layouts, API choices, business logic)
  • Before making destructive or irreversible changes that need user confirmation
  • When the user prefers interactive confirmation over autonomous execution
  • When batch-executing multiple pre-loaded tasks from the queue

Instructions

Follow these guidelines when this skill is active:

  1. After completing a task, call ask_human_feedback with a summary and options for next steps. This lets the user decide what to do next rather than ending the session.

  2. When unsure about implementation details, call ask_human_feedback with your question instead of making assumptions. Getting explicit input leads to better results.

  3. The response from ask_human_feedback is your next instruction. Execute it, then call ask_human_feedback again when done. This creates a productive feedback loop.

  4. If the task queue returns a task automatically (queue was non-empty), execute that task and call ask_human_feedback again when complete. The queue feeds tasks until empty.

  5. Mode switching:

    • User says "free mode" / "自由模式" → call set_feedback_mode(enabled: false) to work without pausing
    • User says "feedback mode" / "确认模式" → call set_feedback_mode(enabled: true) to resume the confirmation loop

Best Practices

  • Ask the user before ending a session — they may have more tasks
  • Confirm before making destructive changes (force push, drop table, delete files)
  • If feedback mode is disabled (bypass message returned), continue working autonomously

Tools

ask_human_feedback

Pauses execution and sends the reason to the browser UI. Returns the human's text response. If the task queue is non-empty, the next task is auto-dequeued and returned (with a short delay for UI visibility).

Parameters: reason (string) — summary of work done and what input you need.

Example reason format:

Completed: [specific work done]
Changes: [files modified, endpoints added, etc.]

What would you like me to do next?
1. [Option A]
2. [Option B]
3. Something else

set_feedback_mode

Toggle feedback confirmation on/off. When off, ask_human_feedback returns immediately without pausing.

Parameters: enabled (boolean)

Setup

npm install && npm run build

MCP configuration:

{
  "command": "node",
  "args": ["build/index.js"],
  "cwd": "/path/to/skill-feedback-collector"
}

Browser UI: http://<server-ip>:18061

Env VariableDefaultDescription
FEEDBACK_PORT18061HTTP and WebSocket port
FEEDBACK_TOKEN(empty)Optional access token for the UI

Workflow

User message → Agent works → calls ask_human_feedback("Done. Next?")
                                    ↓
                    [Queue has tasks?] → YES → returns next task → Agent continues
                                    ↓ NO
                    [Waits for human input via browser UI]
                                    ↓
                    Human responds → Agent receives → works → calls ask_human_feedback again
                                    ↓
                    ... loop continues until user indicates they are done ...

Security

  • Set FEEDBACK_TOKEN when deploying on shared or public networks to restrict access
  • Use a firewall to limit which IPs can reach the HTTP/WebSocket port
  • The server binds to 0.0.0.0 by default for convenience; restrict network access at the OS or firewall level if needed
  • Conversation history (feedback-history.json) is stored locally in the skill directory; review and rotate if it contains sensitive information
  • This skill does not make outbound network requests, download external resources, or execute shell commands

Tips

  • The task queue lets users pre-load multiple tasks for sequential execution
  • Users can add tasks to the queue while the agent is working
  • HTTP long-polling fallback activates automatically when WebSocket is unavailable
  • Browser notifications and sound alerts notify you when the agent has a question
  • Conversation history is persisted locally (max 500 entries)

Comments

Loading comments...