Allstar Link node control ASL3 (ASL3 Node Control)
v0.1.0Monitor and control AllStar Link amateur radio nodes via REST API
⭐ 1· 1.5k·0 current·0 all-time
byJosh@kj5irq
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description say 'control AllStar Link nodes via REST API' and the included shell/Python clients do exactly that: they call a local/remote ASL Agent HTTP API with an X-API-Key. The required binaries (python3) and env vars (ASL_PI_IP, ASL_API_KEY) match the purpose. A minor note: the shell wrapper has a hardcoded ASL_PI_IP default (100.116.156.98), but the SKILL.md explicitly instructs you to set ASL_PI_IP and ASL_API_KEY.
Instruction Scope
SKILL.md instructs the agent to source a secrets file and run the provided Python script. The scripts only access the declared env vars (plus optional ASL_API_BASE, ASL_STATE_DIR) and per-user state files under ~/.openclaw/state/asl-control. They do not attempt to read unrelated system credentials or contact external endpoints other than the ASL agent base URL.
Install Mechanism
No install spec; this is instruction-plus-scripts only. Nothing is downloaded or extracted from external URLs by the skill itself.
Credentials
Only ASL_PI_IP and ASL_API_KEY (plus optional ASL_API_BASE and ASL_STATE_DIR) are required — appropriate for a REST API client. No unrelated tokens or broad credentials are requested. One operational omission: the Python client depends on the 'requests' package but the skill metadata only requires 'python3' (this is usability/packaging friction, not a secret mismatch).
Persistence & Privilege
always is false and the skill writes only per-user state under ~/.openclaw/state/asl-control. It does not request system-wide changes or modify other skills. Model-autonomous invocation is allowed by default (not a problem here) — nothing else in the package amplifies that privilege.
Assessment
This skill appears to be what it claims: a client for a self-hosted ASL agent. Before installing or running it, consider these practical checks: (1) Verify the ASL agent you will contact is your own Pi (ASL_PI_IP) and that ASL_API_KEY is scoped/rotated appropriately — do not reuse broad keys. (2) The shell script has a hardcoded default IP (100.116.156.98); always set ASL_PI_IP/ASL_API_BASE explicitly so you don't accidentally target another host. (3) The Python client requires the 'requests' package; install it in your environment (pip install requests) or run in an environment that provides it. (4) The client creates per-user files under ~/.openclaw/state/asl-control and will read the secrets file you source (e.g. ~/.config/secrets/api-keys.env) — keep that file protected. (5) There is no homepage or published source provenance; if you do not trust the unknown author, review the included scripts (which are short and readable) line-by-line before running. (6) Check the ASL agent audit log on the Pi (/opt/asl-agent/audit.log) after using the client to confirm only expected actions occurred.Like a lobster shell, security has layers — review code before you run it.
allstar linkvk9729h2r7p8fjc39j465zamgps80kk0yamateur radiovk9729h2r7p8fjc39j465zamgps80kk0yasl 3vk9729h2r7p8fjc39j465zamgps80kk0yasl3vk9729h2r7p8fjc39j465zamgps80kk0yham radiovk9729h2r7p8fjc39j465zamgps80kk0ylatestvk9729h2r7p8fjc39j465zamgps80kk0yradiovk9729h2r7p8fjc39j465zamgps80kk0y
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📡 Clawdis
Binspython3
EnvASL_PI_IP, ASL_API_KEY