ClawHub

Skill

v1.1.0

Connect your OpenClaw instance to kemia (https://kemia.byte5.ai) for visual agent configuration management. Use when: (1) connecting to a kemia deployment fo...

0· 58·0 current·0 all-time
byChristian Wendler@cwendler
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: scripts perform enrollment, export/import of agent .md files, status checks, and one-time login link generation against a kemia API. Required actions (network to kemia, reading/writing workspace files, storing an API key) are expected for this functionality.
Instruction Scope
Scripts read/write files in the OpenClaw workspace (SOUL.md, IDENTITY.md, etc.), persist enrollment and config JSON under ~/.openclaw/workspace/skills/kemia, and POST local workspace files to the kemia API. This is expected for a config manager, but it means local workspace files (which may contain sensitive data) are uploaded to the remote kemia instance — the user should only connect to a trusted kemia deployment.
Install Mechanism
No external install downloads; the skill is instruction-only with bundled shell scripts. It requires jq and curl on the host (declared as prerequisites). No suspicious network installs or archive extraction observed.
Credentials
The skill does not require any unrelated credentials or environment variables. Optional env vars (OPENCLAW_WORKSPACE, OPENCLAW_INSTANCE_NAME, OPENCLAW_AGENT_NAME) are reasonable for configuration. The API key is obtained from kemia during enrollment and stored locally in ~/.openclaw/workspace/skills/kemia/config.json (scripts set file mode 600).
Persistence & Privilege
always:false and no attempts to modify other skills or system-wide configurations. The skill persists its own state and config under its skill directory and workspace and does not demand elevated privileges.
Assessment
This skill behaves like a normal connector: it will upload selected workspace .md files to the kemia service and store a kemia API key under ~/.openclaw/workspace/skills/kemia/config.json. Before connecting: (1) confirm you trust the kemia host (https://kemia.byte5.ai or your self-hosted URL), (2) inspect the listed files (SOUL.md, IDENTITY.md, USER.md, MEMORY.md, AGENTS.md, TOOLS.md, HEARTBEAT.md) for any secrets you don't want transmitted, (3) keep backups (the import script creates .kemia-backup), and (4) ensure jq and curl are installed. If you need higher assurance, review the included scripts (connect.sh, import.sh, kemia-link.sh, status.sh) line-by-line — they are the only code executed and contain the full behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk9784ksw040zfj6azp8djetnbd84wvrk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments