🪢 Agentspace - Dev Tool for AI Agents
v1.0.7
Dev tool for debugging AI agent code. Step through agent runs, inspect generated files, review logs, debug build failures, test agent outputs, lint agent scr...
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (dev debugging and workspace sync) match the instructions and references: the skill instructs use of the ascli CLI to bind/share a named folder with agentspace.so. There are no unrelated credentials, binaries, or install artifacts requested that would contradict the stated purpose.
Instruction Scope
SKILL.md and references clearly restrict operations to the user-named dev folder, describe writing a local .ascli.json binding file, and require agent confirmation of the target path. That is appropriate for the stated purpose, but the guardrail depends on the agent actually prompting/confirming the path; if an agent runs autonomously and does not prompt, there is potential for accidental uploads. The doc also references reading ~/.config/ascli/config.json and AGENTSPACE_API_BASE_URL (both reasonable overrides) - these are documented in the skill but were not declared as required in the registry (they are optional runtime overrides).
Install Mechanism
This is instruction-only with no install spec. Install guidance points to npx/npm for @agentspace-so/ascli@latest or using an existing ascli on PATH. Using npm/npx is expected for a CLI package; no arbitrary download URLs or extract steps are present.
Credentials
The registry lists no required env vars or credentials, which aligns with the SKILL.md stating uploads are anonymous (claim tokens are workspace-scoped). The SKILL.md does note optional use of AGENTSPACE_API_BASE_URL and reading ~/.config/ascli/config.json to override API base - those are reasonable developer conveniences, but they are optional and not required. There are no unexplained requests for unrelated secrets or cloud credentials.
Persistence & Privilege
always is false and the skill behaves as a dev helper that writes a local .ascli.json binding file in the bound folder (documented). It does not request elevated platform privileges or persistent global presence. Autonomous invocation is allowed by default (normal for skills); consider that autonomous agents could trigger sync/share actions if not prompted.
Assessment
This skill is coherent with its description: it syncs a user-chosen folder to agentspace.so for dev/debugging. Before installing or running it: 1) don't upload folders that contain secrets or sensitive data - only the named path is uploaded; double-check the path when prompted (avoid letting the agent default to "."). 2) The CLI is installed via npm/npx - verify the package and publisher (@agentspace-so) if you care about supply-chain risk. 3) You can point the CLI at a local dev server by setting AGENTSPACE_API_BASE_URL if you want to avoid production uploads. 4) Review and be comfortable with the .ascli.json binding file being created in your project directory (it is not a secret but contains workspace metadata). If you want tighter safety, run ascli commands yourself rather than letting an autonomous agent invoke them.
Like a lobster shell, security has layers - review code before you run it.
latest
🪢 Agentspace - Dev Tool for AI Agents
Dev tool for AI agent development. Debug, test, inspect, refactor, and build AI agents through a dev workspace.
Dev use cases
- Debug failing agent runs by inspecting what files they generated.
- Test agent output across dev iterations with a live view.
- Inspect agent build artifacts - generated scripts, logs, outputs.
- Lint agent-written code as the agent produces it.
- Refactor agent workflows by observing behavior during dev runs.
- Profile agent filesystem operations during test runs.
- Handoff dev state between two developer agents.
Dev commands
- `ascli sync <path>` - start a dev session (binds the agent's folder to a dev workspace).
- `ascli status <path>` - inspect the dev binding for a given folder.
- `ascli share <path> --permission edit` - generate a URL to hand the dev session to another developer or AI agent.
- `ascli share <path> --permission view` - read-only dev review link.
Install
- If `ascli` is already on `PATH`, use it.
- Else run `npx @agentspace-so/ascli@latest <command>`, or install with `npm install -g @agentspace-so/ascli@latest`.
- If Node.js is not available, tell the user to install it from nodejs.org first.
Do not pipe a remote script into a shell.
Dev safety (what the dev workspace touches)
When the CLI runs for a dev session:
- It uploads only the dev folder the user explicitly names to `agentspace.so`. The agent must confirm the exact path with the user before running `sync` or `share` - do not default to `.` unless the user said so.
- It writes a dev binding file `.ascli.json` in the bound folder. This is a dev artifact, not a secret file; it holds the workspace id and an anonymous claim token.
- It optionally reads `~/.config/ascli/config.json` if the developer has a custom dev server URL set.
- It optionally reads `AGENTSPACE_API_BASE_URL` env var, also for overriding the dev server URL during local development.
- It does NOT read shell history, unrelated project files, credential env vars, or files outside the named dev path. All dev traffic goes to `agentspace.so` only.
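The path and secret checks described above can be run locally before `ascli sync` or `ascli share`. This is an added example, not part of the skill or the ascli project: the function name `ascli_preflight` and the file-name patterns are assumptions chosen for illustration.

```bash
# Added example: pre-flight check to run before `ascli sync <path>` or
# `ascli share <path>`. Exit codes: 0 = ok, 1 = target refused, 2 = possible secrets.
# The file-name patterns are an assumed starting list, not something ascli defines.
ascli_preflight() {
  local target="${1:-}" abs hits

  # The dev folder must be named explicitly; never fall back to the current directory.
  case "$target" in
    ""|"."|"./") echo "refusing: name the dev folder explicitly" >&2; return 1 ;;
  esac
  [ -d "$target" ] || { echo "refusing: not a directory: $target" >&2; return 1; }

  # Resolve symlinks and relative parts so the confirmation shows the real upload root.
  abs="$(cd "$target" && pwd -P)" || return 1
  if [ "$abs" = "$(pwd -P)" ]; then
    echo "refusing: target resolves to the current directory" >&2
    return 1
  fi
  echo "upload root: $abs"

  # Show where traffic would go if the documented override is set.
  echo "AGENTSPACE_API_BASE_URL: ${AGENTSPACE_API_BASE_URL:-<not set>}"

  # Flag files that commonly hold credentials anywhere under the upload root.
  hits="$(find "$abs" -type f \( -name '.env' -o -name '.env.*' \
      -o -name '*.pem' -o -name '*.key' -o -name 'id_rsa' -o -name 'id_ed25519' \
      -o -name '.npmrc' -o -name 'credentials' \) 2>/dev/null)"
  if [ -n "$hits" ]; then
    echo "possible secrets under $abs:" >&2
    printf '%s\n' "$hits" >&2
    return 2
  fi
  return 0
}
```

Chain it in front of the real command, for example `ascli_preflight ./agent-out && ascli sync ./agent-out`, so the sync only runs when the check returns 0.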
Guardrails for the agent
- Do not invent URLs. Only return what `ascli` prints to stdout.
- Confirm the target dev folder if the user says "share this" without naming a path.
- See references/commands.md for exact command variants.
- See references/developer.md for the dev HTTP API reference.
