ClawHub

Read Policy

v1.0.2

Read OpenClaw policies from PostgreSQL through the local Supabase Docker stack. Use for inspecting policy keys such as auto_approve, priority_routing, or ava...

0· 279·2 current·2 all-time
by@ecosincronia
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name and description match its behavior: it reads OpenClaw policies from the local Supabase Postgres instance. Minor mismatch: the SKILL.md and script expect Docker (container named supabase-db) to be available, but the skill metadata does not declare Docker as a required binary.
Instruction Scope
SKILL.md directs the agent to run the included script to list or get keys from public.openclaw_policies via docker exec into the supabase-db container. The script confines actions to running psql inside that container and formats output for inspection; it does not attempt to read arbitrary host files or contact external endpoints.
Install Mechanism
This is an instruction-only skill with no install spec and a small included script; nothing is downloaded or written to disk by an installer.
Credentials
The skill requests no environment variables or credentials. It relies on docker exec to run psql as the postgres user inside the local container, which is a reasonable requirement for inspecting a local Supabase DB.
Persistence & Privilege
always is false and the skill does not request persistent/always-on presence or modify other skills; autonomous invocation is allowed (platform default) and is not, by itself, risky here.
Assessment
This skill is small and focused, but before installing: (1) confirm you run it only on a trusted machine with the Supabase stack and that a container named supabase-db exists; (2) ensure the Docker CLI is available and you are comfortable that running docker exec gives access to the container (and therefore the DB contents); (3) review the included script (scripts/read-policy.sh) — it only runs psql inside the container and escapes single quotes for the supplied key; (4) avoid running this skill on multi-tenant or untrusted hosts, and don't grant it to agents where you wouldn't permit local DB inspection.

Like a lobster shell, security has layers — review code before you run it.

latestvk97czb1b2vnztvkpmjxtc7dvch82rbb9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments