Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claw Quest Connect

v0.1.3

Use when the user wants to connect Claw Quest Android to this OpenClaw gateway with the manual URL+token flow, send those details over WhatsApp, and optional...

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for sandrokitchener/clawquest-connect.

Install the skill "Claw Quest Connect" (sandrokitchener/clawquest-connect) from ClawHub.
Skill page: https://clawhub.ai/sandrokitchener/clawquest-connect
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: openclaw
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install clawquest-connect

ClawHub CLI

npx clawhub@latest install clawquest-connect

Security Scan

VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)

Purpose & Capability

The skill requires the 'openclaw' binary and the SKILL.md only invokes openclaw commands (config get, plugins inspect, devices list/approve). Those requirements align with the described purpose of retrieving gateway URL/token/password and managing device pairing.

Instruction Scope

Instructions tell the agent to read local gateway secrets (gateway.auth.token or gateway.auth.password) and to always send them via WhatsApp if outbound WhatsApp is configured. The skill does not specify how the WhatsApp recipient is selected or require explicit user confirmation before transmitting secrets. It also permits automatically approving the next matching pairing request without an explicit final confirmation. These behaviors can lead to inadvertent secret disclosure or unintended approvals.

Install Mechanism

Instruction-only skill with no install steps or external downloads; this is low risk and consistent with the metadata.

Credentials

The skill declares no environment variables, which is consistent, but it does read sensitive local configuration values (gateway.auth.token/password) via openclaw. Reading and transmitting one auth value is proportionate to a manual-setup flow, but it is sensitive and should be explicitly consented to and targeted only to a confirmed recipient.

Persistence & Privilege

always is false and the skill is user-invocable; it does not request persistent system-wide privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other privilege red flags.

What to consider before installing

This skill appears to do what it says (use openclaw to fetch the gateway URL and the single auth value required for manual setup) but it will read and transmit that secret and may auto-approve a pairing. Before installing or running it:

  1. Confirm who the WhatsApp recipient will be and require explicit user confirmation before sending any token/password.
  2. Prefer showing the secret in chat and letting the user paste it unless they explicitly request WhatsApp handoff.
  3. Require an explicit confirmation step before approving any pairing request.
  4. Verify the device-pair plugin is enabled and check audit logs after pairing.
  5. Consider rotating the token/password after pairing if exposure is a concern.

If you need stricter controls (e.g., never send secrets to external services automatically), ask the skill author to add explicit recipient selection and a confirmation prompt in the SKILL.md.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

OS: Windows · Linux · macOS
Bins: openclaw
latest: vk97cb1jdghspn839v73mr35zs984c0bp
107 downloads
0 stars
3 versions
Updated 2w ago
MIT-0

ClawQuest Connect

Use this skill when the user asks to:

  • connect Claw Quest
  • send Claw Quest mobile connection details
  • pair Claw Quest Android with this gateway
  • approve the next Claw Quest Android pairing request

This skill is intentionally based on the manual setup flow.

Do not default to QR codes or setup codes. Do not invent a Claw Quest-specific token format.

Connection policy

The preferred Claw Quest flow is:

  1. Resolve the current public Gateway WebSocket URL.
  2. Resolve the current shared gateway auth token or password.
  3. Send those details to the user in a single copy/paste-friendly WhatsApp message when WhatsApp is configured.
  4. Tell the user you are doing that.
  5. Watch for the next matching Claw Quest Android pairing request and approve it once.

If WhatsApp is not configured, say so plainly and provide the same details in chat.

What to inspect first

Run these read-only checks first:

openclaw config get gateway.auth.mode
openclaw config get gateway.remote.url
openclaw plugins inspect device-pair

Also inspect whichever auth secret matches the configured auth mode:

Token mode:

openclaw config get gateway.auth.token

Password mode:

openclaw config get gateway.auth.password

Interpretation:

  • Prefer gateway.remote.url as the public wss://... address for Claw Quest.
  • If gateway.remote.url is missing, explain that the public URL must be supplied or configured before Claw Quest manual setup will be smooth.
  • If gateway.auth.mode is token, send the gateway token.
  • If gateway.auth.mode is password, send the gateway password instead and label it clearly.
  • If the device-pair plugin is disabled, say so clearly because pairing help may be unavailable or limited until it is enabled.

WhatsApp handoff

If outbound WhatsApp messaging is configured on this host, always send the connection details there after resolving them.

Tell the user explicitly:

  • that you are sending the connection details over WhatsApp
  • that this is to make mobile copy/paste easier
  • that they should use Manual Setup inside Claw Quest Android

Send a single compact message containing only:

  • Gateway URL: <wss://...>
  • Gateway token: <token> or Gateway password: <password>
  • Use Claw Quest Android -> Manual Setup

Do not add extra formatting that makes mobile copy/paste harder.

If WhatsApp sending fails or is unavailable:

  • say so plainly
  • provide the same three lines in chat instead

Pairing watch-and-approve

When the user asks to connect Claw Quest, you may automatically approve the next matching Android pairing request one time.

Start a short watch loop:

openclaw devices list --json

Poll every 3 seconds for up to 2 minutes.

Approve only the first pending request that matches Claw Quest Android as closely as possible:

  • displayName: Claw Quest Android
  • platform: android
  • clientId: gateway-client
  • clientMode: backend
  • requested role operator
  • requested scopes include operator.read and operator.write

Approve it with:

openclaw devices approve <requestId>

Then immediately confirm with:

openclaw devices list --json

Tell the user whether approval succeeded and whether the paired device now shows:

  • role operator
  • scopes operator.read and operator.write

Stop after one approval. Do not auto-approve unrelated requests.
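
A stricter form of the match described above, combined with the explicit confirmation step the scan report recommends, as an added example that is not part of this skill or of OpenClaw. The JSON layout (a `pending` array with `requestId`, `role` and `scopes` keys) is an assumption and the sample data is constructed; unlike the skill text, it requires the scopes to equal operator.read and operator.write exactly and refuses to choose when more than one request matches.

```python
import json

# Identity values quoted from the skill text; the "role"/"scopes" key names are assumed.
EXPECTED = {"displayName": "Claw Quest Android", "platform": "android",
            "clientId": "gateway-client", "clientMode": "backend", "role": "operator"}
EXPECTED_SCOPES = {"operator.read", "operator.write"}

def matches(req):
    """Exact match on every field; extra or missing scopes disqualify."""
    if any(req.get(k) != v for k, v in EXPECTED.items()):
        return False
    return set(req.get("scopes", [])) == EXPECTED_SCOPES

def select_request(devices_json):
    """Return (requestId, reason); requestId is None unless exactly one
    pending request matches, so an ambiguous queue is never resolved by guessing."""
    pending = json.loads(devices_json).get("pending", [])
    hits = [r for r in pending if matches(r)]
    if not hits:
        return None, "no matching pending request"
    if len(hits) > 1:
        return None, "%d matching requests; refusing to pick one" % len(hits)
    return hits[0]["requestId"], "single exact match"

def approve_command(devices_json, confirm):
    """Build the approve argv only after an explicit yes from the user.
    `confirm` is a callable taking the requestId and returning a bool."""
    request_id, reason = select_request(devices_json)
    if request_id is None:
        return None, reason
    if not confirm(request_id):
        return None, "user declined"
    return ["openclaw", "devices", "approve", request_id], reason

# Constructed sample; the real `openclaw devices list --json` schema may differ.
_BASE = dict(EXPECTED, scopes=["operator.read", "operator.write"])
SAMPLE = json.dumps({"pending": [
    dict(_BASE, requestId="req-1", scopes=_BASE["scopes"] + ["example.extra-scope"]),
    dict(_BASE, requestId="req-2"),
    dict(_BASE, requestId="req-3", displayName="Claw Quest Androld"),  # look-alike name
]})

if __name__ == "__main__":
    ask = lambda rid: input("Approve pairing request %s? [y/N] " % rid).strip().lower() == "y"
    print(approve_command(SAMPLE, confirm=ask))
```
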

What to tell the user

When helping the user connect, be direct:

  • say which public Gateway URL you are using
  • say whether you are sending the token or password
  • say that Claw Quest should use Manual Setup
  • say that you are watching for and approving the next Android pairing request once

If connection still fails even with the correct manual token:

  • inspect openclaw devices list --json
  • explain whether the phone ever reached the pending-pairing stage
  • distinguish auth failed before pairing from pairing pending approval

Safety rules

  • Never claim this skill can bypass gateway auth policy.
  • Never approve a non-matching device as Claw Quest Android.
  • Never rotate or remove device credentials unless the user explicitly asks.
  • Never expose any secrets beyond the current gateway URL plus the one auth value needed for manual setup.
