Oblien workspace runtime
ReviewAudited by ClawScan on May 18, 2026.
Overview
This is an instruction-only runtime/API reference for an Oblien workspace; it documents powerful file, command, terminal, and token-based access, but the behavior is disclosed and aligned with the stated purpose.
Install this only if you intentionally want your agent to understand and operate an Oblien workspace runtime. Treat it as high-privilege documentation: do not paste real tokens into shared chats or logs, verify the workspace and network settings before enabling public access, and review file writes or command execution before allowing impactful changes.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used in a real Oblien workspace, an agent following this reference could modify files or run commands with root-level impact inside that workspace.
The skill documents very broad runtime controls, including file mutation and command execution. This is aligned with the stated Internal API reference purpose, but it is high-impact authority that users should notice.
- **Read and write files** anywhere on the filesystem - **Execute commands** synchronously or stream output in real-time via SSE - **Open interactive terminal sessions** over WebSocket
Use the skill only in the intended Oblien workspace context, review destructive or privileged operations before running them, and prefer scoped paths and reversible changes.
Leaking or misusing these tokens could allow unauthorized access to the workspace Internal API during the token lifetime.
The skill explains use of gateway JWTs, raw workspace tokens, and client credentials. These are expected for the documented API, but they grant access to a high-privilege workspace API.
Gateway | `workspace.oblien.com` | `Authorization: Bearer <gateway_jwt>` ... Direct | `10.x.x.x:9990` | `Authorization: Bearer <raw_token>`
Keep real client secrets and bearer tokens out of prompts, logs, and shared outputs; use short-lived tokens and enable public gateway access only when needed.