Ogment
v1.0.3Invoke MCP tools via Ogment CLI — secure access to Linear, Notion, Gmail, PostHog, and 100+ SaaS integrations through Ogment's governance layer.
⭐ 4· 406·0 current·0 all-time
byAmaury Soviche@asoviche
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description claim secure access to many SaaS via the Ogment CLI; the skill requires the 'ogment' binary and documents CLI commands (auth, catalog, invoke). That is coherent — the node package @ogment-ai/cli is the expected install path to provide the 'ogment' binary and jq is a reasonable optional helper.
Instruction Scope
SKILL.md only instructs use of the Ogment CLI (auth flow, catalog, invoke) and does not ask to read unrelated files or environment variables. It does instruct the agent to extract a verificationUri and 'send it to your human as a clickable link' — expected for a device/browser-based auth flow, but the instructions do not advise inspecting requested scopes/permissions before approving.
Install Mechanism
Install spec uses an npm package (@ogment-ai/cli) to create the 'ogment' binary and Homebrew to install jq. This is a standard pattern; it is not an arbitrary URL download or archive extraction. The npm install step is the primary non-trivial install action (moderate trust required in the package and its publisher).
Credentials
The skill declares no required environment variables or credentials. Authentication is performed via the CLI's interactive/web verification flow (the user must approve). This is proportionate, but note that the auth flow will produce tokens/credentials stored by the CLI, enabling access to Gmail/Notion/etc. — a legitimate capability but sensitive.
Persistence & Privilege
The skill does not request always:true, does not require config paths, and does not modify other skills. Autonomous invocation is allowed by default (platform standard); combined with delegated SaaS access, this increases impact but is expected for an integration skill.
Assessment
This skill simply wraps the Ogment CLI to let the agent call your connected SaaS through Ogment's governance layer — that is coherent with its description. Before installing: (1) verify you trust the npm package @ogment-ai/cli and the ogment.ai homepage; (2) understand the auth flow: you will be asked to approve access via a verification link and that approval grants the CLI tokens that can access Gmail, Notion, Slack, etc.; (3) check what scopes/permissions Ogment requests when you log in and only approve what you accept; (4) be aware the agent can invoke this skill autonomously (platform default), so consider restricting autonomous actions or limiting which accounts/permissions are connected if you want least privilege.Like a lobster shell, security has layers — review code before you run it.
latestvk971f4cxqksb70v95zahnzr5d982n079
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔌 Clawdis
Binsogment
Any binjq
Install
Node
Bins: ogment
npm i -g @ogment-ai/cliHomebrew
Bins: jq
brew install jq