ClawHub

Gleap

v1.0.0

Gleap REST API integration for customer support analytics and ticket management. Use when the user asks to fetch support tickets, analyze customer support me...

1· 11·0 current·0 all-time
by@berthelol
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the required env vars (GLEAP_TOKEN, GLEAP_PROJECT) and the curl/jq usage. Minor mismatch: the docs and examples call out use of 'bc' and rely on date flags like '-v' (BSD/macOS syntax) but 'bc' is not listed in required binaries and the date usage is not portable to all Linux systems. Otherwise required items are proportional to the stated purpose.
Instruction Scope
SKILL.md contains concrete curl examples, pagination loops, and instructions to fetch `/statistics/raw-data` and `/tickets` (including full pagination to aggregate all records). That is coherent for analytics/reporting, but it means the skill's runtime instructions will collect potentially large volumes of customer data (possibly including PII). No instructions attempt to read local files, other env vars, or contact unexpected endpoints, but there is a promotional/referral link in the docs.
Install Mechanism
Instruction-only skill (no install spec, no archives). This is the lowest-risk install model — nothing is written to disk by the skill package itself.
Credentials
Only GLEAP_TOKEN (primary) and GLEAP_PROJECT are required, which is appropriate. Reminder: GLEAP_TOKEN is a service/JWT token and likely grants broad access within the project; the skill's example workflows explicitly aggregate all tickets/raw events, so the token provides access to potentially sensitive data. No other unrelated credentials are requested.
Persistence & Privilege
always:false and user-invocable:true (default) — no elevated persistence requested and autonomous invocation is the platform default. The skill does not request changes to other skills or system-wide settings.
Assessment
This skill appears to do what it says: run curl/jq against Gleap using the provided project token and project ID. Before installing: (1) Treat GLEAP_TOKEN as a high-privilege credential — prefer a least-privilege/read-only token or a scoped service account if Gleap supports it. (2) Be aware the provided examples fetch complete ticket/raw-data and paginate to aggregate all records — those flows will surface customer data (including PII) so avoid running them with production tokens unless you intend to export that data. (3) The instructions use 'bc' and macOS-style date flags (-v) but only declare curl and jq as required; ensure your runtime environment has 'bc' (if you use the formatting helpers) and adjust date commands for your OS. (4) The docs include a promotional/referral URL; that is not part of runtime behavior but is worth noting. (5) Keep GLEAP_TOKEN in a secure secret store, avoid printing it in logs, and rotate it if you stop using the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk979j8mmcw9a4xfv2ht1c1bdfh849rmb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binscurl, jq
EnvGLEAP_TOKEN, GLEAP_PROJECT
Primary envGLEAP_TOKEN

Comments