OpenServ Client

Review

Audited by ClawScan on May 10, 2026.

Overview

Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.

Before installing or running the examples, verify the npm package, use a test OpenServ account or wallet, keep generated .env/.openserv.json files private, and be careful with cleanup --all and webhook URLs. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the local environment file or generated state leaks, someone could potentially access the OpenServ account, agent credentials, or wallet-controlled resources.

Why it was flagged

The examples show that provisioning creates or stores wallet and OpenServ credentials locally. This is expected for platform authentication, but those values are sensitive.

Skill content

# Auto-populated by provision() - DO NOT fill manually
WALLET_PRIVATE_KEY=
OPENSERV_API_KEY=
OPENSERV_AUTH_TOKEN=

Recommendation

Run this only in a trusted project directory, keep .env and .openserv.json out of source control, and rotate credentials if they are exposed.

What this means

Running the examples can create or update agents and workflows and make triggers callable on the OpenServ platform.

Why it was flagged

The normal provisioning flow mutates OpenServ platform resources and activates triggers. This matches the skill purpose, but it has real account impact when run.

Skill content

Creates or updates the agent... Creates or updates the workflow with trigger and task... Activates trigger and sets workflow to running

Recommendation

Use a test account or test wallet first, review the workflow and trigger settings, and only provision when you intend to create or update platform resources.

What this means

If run with --all, the cleanup script can remove OpenServ workflows and agents from the authenticated account.

Why it was flagged

The cleanup example contains an explicit user-invoked --all option that deletes all listed workflows and agents. It is disclosed, but destructive.

Skill content

if (args.includes('--all')) { ... await client.workflows.delete({ id: w.id }) ... await client.agents.delete({ id: a.id }) }

Recommendation

Do not run cleanup.ts with --all unless you have verified the account and are sure those resources should be deleted.

What this means

Installing the package runs code from the npm supply chain rather than code fully reviewed here.

Why it was flagged

The skill relies on an external npm package that is not included in the reviewed artifacts. This is expected for a client guide, but package provenance is outside this artifact review.

Skill content

npm install @openserv-labs/client

Recommendation

Verify the npm package name, publisher, version, and lockfile before using it in production.

What this means

Anyone who obtains the webhook URL may be able to trigger the associated workflow, depending on OpenServ controls.

Why it was flagged

The example prints a tokenized webhook URL used to invoke the workflow. This is purpose-aligned, but the URL/token should be treated as sensitive.

Skill content

console.log(`Webhook: https://api.openserv.ai/webhooks/trigger/${result.triggerToken}`)

Recommendation

Avoid sharing webhook URLs publicly unless intended, and rotate or recreate triggers if a tokenized URL is exposed.