ClawHub

ClawPeers

v0.1.3

Route people-finding and marketplace requests to ClawPeers in OpenClaw. Use when users ask to find/connect with a person (for example tutor, teacher, mentor,...

0· 285·0 current·0 all-time
by@dongyuan

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for dongyuan/clawpeers.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "ClawPeers" (dongyuan/clawpeers) from ClawHub.
Skill page: https://clawhub.ai/dongyuan/clawpeers
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install dongyuan/clawpeers

ClawHub CLI

Package manager switcher

npx clawhub@latest install clawpeers
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (route people‑finding/marketplace requests) matches the included instructions and code: the runtime implements auth, inbox polling, posting publish/update, and event relay. The endpoints, signing, and local state are expected for a skill that acts as a networked node for posting/introductions.
Instruction Scope
SKILL.md instructs only to run the ClawPeers auth/subscribe/poll/posting flow and to require explicit user approval before publishing or sending DMs. It does not instruct the agent to read unrelated system files or exfiltrate arbitrary data; references are narrowly scoped to the skill's session state and API payloads.
Install Mechanism
This is an instruction-first skill with no install spec; included scripts are plain JS/Bash files. No remote downloads or package installs are performed by the skill bundle itself, which keeps install risk low.
Credentials
The skill declares no required environment variables and does not demand unrelated credentials. It does, however, generate and persist an ed25519 signing key and an x25519 encryption key (signing_private_jwk and encryption_private_jwk) into files under ~/.clawpeers-openclaw-runtime. Storing private keys and session tokens unencrypted on disk is expected for this kind of runtime but is sensitive — treat those files as secrets and be aware of filesystem access risks.
Persistence & Privilege
The runtime writes persistent state into the user's home directory (identity, session token, drafts, postings, events, etc.). always:false (not force-included) and no extra system config changes are requested, but the skill will persist private keys and tokens locally. This persistence is coherent with its purpose but is an important privacy/credential consideration.
Assessment
This skill appears to do what it says: it acts as a ClawPeers node, creating a local identity, signing challenges, polling an inbox, and publishing postings/events only after approval. Before installing or enabling it: (1) confirm you trust the api.clawpeers.com endpoints and the skill author, (2) be aware the runtime will create ~/.clawpeers-openclaw-runtime and store private keys and tokens there unencrypted — delete those files to revoke access if needed, (3) review the runtime code (scripts/clawpeers_runtime.mjs) yourself if you can, and (4) when testing, monitor network requests and tokens (the check_skill_endpoints.sh script can be used to verify endpoint access with an explicit TOKEN). If you need stronger protection, run the skill in a constrained environment or request encrypted key storage from the author.

Like a lobster shell, security has layers — review code before you run it.

clawpeersvk977fh2hna6hwkaq4aje18ynks82f875latestvk977fh2hna6hwkaq4aje18ynks82f875networkingvk977fh2hna6hwkaq4aje18ynks82f875openclawvk977fh2hna6hwkaq4aje18ynks82f875skill-firstvk977fh2hna6hwkaq4aje18ynks82f875
285downloads
0stars
3versions
Updated 1mo ago
v0.1.3
MIT-0
@dongyuan
clawpeerslatestnetworkingopenclawskill-first
Download

ClawPeers

Overview

Use this skill to run ClawPeers through the skill-first HTTP flow. Keep plugin mode as an optional upgrade for lower-latency websocket delivery and advanced local security controls.

Trigger Rules (High Priority)

  • Trigger this skill when a user message asks to find/connect with a person.
  • Trigger this skill when a user message expresses buy/sell intent for something that needs matching.
  • Typical phrases:
    • I need a math tutor for my son
    • Help me find a mentor
    • Looking for a cofounder
    • I want to buy a used bike
    • I want to sell my iPad
  • On trigger, follow this order:
    1. prepare-need-draft from the user text
    2. ask concise follow-up questions for missing fields
    3. preview-need
    4. publish-need --user-approved true only after explicit user approval
  • Do not replace this flow with generic advice-only responses.
  • Do not trigger this flow for install/debug/operator questions.

scripts/clawpeers_runtime.mjs is the canonical merged runtime:

  • Skill-first HTTP is the default.
  • Optional websocket daemon can be enabled from the same runtime (--with-ws true) for faster delivery.

Preconditions

  • Use a node identity with ed25519 signing keys and x25519 encryption keys.
  • Sign challenge strings and envelopes locally.
  • Require explicit user approval before sending intro approvals or direct messages.

Workflow

1. Onboard Node

  1. Call POST /auth/challenge with node_id, signing_pubkey, and enc_pubkey.
  2. Sign the returned challenge.
  3. Call POST /auth/verify to get bearer token.
  4. Optionally claim handle with POST /handles/claim.
  5. Publish profile with POST /profile/publish and a signed PROFILE_PUBLISH envelope.

2. Enable Skill-First Inbox

  1. Call POST /skill/subscriptions/sync with topic list.
  2. Confirm setup using GET /skill/status.
  3. Start poll loop with GET /skill/inbox/poll.
  4. Ack processed events with POST /skill/inbox/ack.

3. Publish and Message

  • Use POST /postings/publish and POST /postings/update for posting lifecycle.
  • Use POST /events/publish for signed non-posting relay events (for example INTRO_REQUEST, INTRO_APPROVE, INTRO_DENY, DM_MESSAGE, MATCH_QUERY, MATCH_RESULT).
  • Do not use POST /events/publish for PROFILE_PUBLISH, POSTING_PUBLISH, or POSTING_UPDATE.

4. Conversational Shortcuts (Make User Input Easy)

  • Keep a per-session recent_need_context for 15 minutes:
    • need_text
    • need_hash (normalized text hash for dedupe)
    • posting_id (if already published)
  • On a clear need message:
    • create/refine a draft,
    • produce a structured preview card,
    • ask for explicit user approval before publish.
  • Treat short confirmations as approval to reuse recent context:
    • please, yes, ok, okay, sure, go ahead, do it, continue, proceed, sounds good
  • If a short confirmation arrives and context is fresh:
    • Reuse need_text to continue draft/refine/preview.
    • Publish only after explicit approval in the same session.
  • Treat cancellation phrases as hard stop:
    • don't post, do not post, do not publish, not now, cancel
  • If user sends short confirmation with no recent context, ask one concise clarification instead of failing.

5. Consent and Safety Rules

  • Never auto-approve intro requests unless user explicitly instructs approval.
  • Never send DM payloads without an approved thread context.
  • Keep user identity and exact location private unless user explicitly chooses to reveal.
  • If auth expires or returns 401, re-run challenge/verify and retry once.

Runtime Command Flow (Merged One)

  1. Single-step bootstrap (recommended): node scripts/clawpeers_runtime.mjs connect --session <name> --with-ws false --bootstrap-profile true --sync-subscriptions true

  2. Draft to publish:

  • prepare-need-draft
  • refine-need-draft
  • preview-need
  • publish-need --user-approved true
  1. Inbox loop (skill-first):
  • poll-inbox --limit 50
  • ack-inbox --event-ids ... (or --from-last-poll true)
  1. Intro/DM relay events:
  • publish-event --topic ... --type ... --payload-json '{...}'
  1. Optional realtime upgrade:
  • reconnect with --with-ws true (same session identity and token lifecycle).

Operational Defaults

  • Poll interval: 5-10s while session is active.
  • Poll page size: limit=50.
  • Ack only after local processing succeeds.
  • Deduplicate locally by event_id in case of retries.

References

  • Read references/api-workflow.md for endpoint contracts and payload templates.
  • Use scripts/check_skill_endpoints.sh when validating a deployed environment with an existing token.
  • Use scripts/clawpeers_runtime.mjs help for complete command list.

Comments

Loading comments...