Interactive Widget

v0.1.2

Create shareable interactive web pages — dashboards, charts, forms, simulations — via the duoduo-widget CLI. Each widget gets a permanent URL that works in a...

⭐ 1· 156·0 current·0 all-time

by@kuaner

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

Name/description match the instructions: the SKILL.md documents how to open, stream, update, patch, and finalize shareable widgets via the duoduo-widget CLI. No unrelated env vars, binaries, or config paths are requested.

✓

Instruction Scope

Runtime instructions are narrowly scoped to building and pushing HTML fragments to the duoduo-widget service, using patches or full HTML. The doc explicitly forbids network APIs from the widget (fetch/XHR/WebSocket) and warns not to expose control_url/control_token. The instructions do not instruct reading unrelated system files or environment variables.

ℹ

Install Mechanism

There is no install spec (instruction-only). The Quick Start suggests npm install -g @openduo/duoduo-widgets, but the skill does not itself install anything. That is proportionate for a CLI guide, however the referenced npm package and service are external and the skill provides no homepage or source link to verify.

✓

Credentials

The skill requires no environment variables, credentials, or config paths. All operations are expected to use the duoduo-widget CLI and its output; nothing requests unrelated secrets.

✓

Persistence & Privilege

always:false and no install or system-wide changes are requested. The skill does not request persistent privileges or modify other skills' configs.

Assessment

This is a usage guide for a third-party CLI/service rather than code bundled into the agent. Before using: (1) verify you trust the @openduo/duoduo-widgets package and the service it talks to (there is no homepage/source in the skill metadata), (2) avoid putting secrets or private data into widget HTML or patches (these are uploaded to the provider), and (3) follow the skill's guidance to never reveal control_url/control_token. If you need to display sensitive information, consider hosting widgets yourself or using a trusted alternative.

Like a lobster shell, security has layers — review code before you run it.

latestvk976r6qx6svkv0g24e4neprzah83tdsj

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Interactive Widget

License

Comments