Skill
v0.8.13Route tool requests through Clawvisor for credential vaulting, task-scoped authorization, and human approval flows. Use for Gmail, Calendar, Drive, Contacts,...
⭐ 1· 624·2 current·2 all-time
byEric Levine@ericlevine
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (credential vaulting, approvals, gatewaying Gmail/Drive/GitHub/iMessage) match the declared env vars (CLAWVISOR_URL, CLAWVISOR_AGENT_TOKEN, OPENCLAW_HOOKS_URL) and the provided policies. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to call Clawvisor HTTP endpoints (catalog, tasks, gateway/request), to register tokens in ~/.claude/settings.json, and to use an e2e helper for relay encryption. These actions are consistent with a proxy/gatekeeper skill. Pay attention to the explicit guidance to run one-line curl commands and to storing the agent token in a local settings file (this touches user config and is necessary for operation but increases local exposure if the file is insecure).
Install Mechanism
Instruction-only skill with no install spec or downloaded artifacts. Lowest install risk — nothing is written to disk by the skill itself beyond the user's manual credential placement.
Credentials
Requested env vars are proportional to the gateway role. CLAWVISOR_AGENT_TOKEN is explicitly flagged as high-privilege in the docs and functions as the primary credential — appropriate for this skill but requires careful scoping, rotation, and storage. OPENCLAW_HOOKS_URL and CLAWVISOR_URL are reasonable for callbacks and endpoint discovery.
Persistence & Privilege
always:false and no install hook; the skill does not request permanent/force-included presence or modify other skills. It can be invoked autonomously by the agent (normal default) — combine this fact with careful policy configuration if you want to limit autonomous writes.
Assessment
This skill appears to do what it claims, but it requires a high‑privilege CLAWVISOR_AGENT_TOKEN which lets the agent perform any action permitted by the Clawvisor dashboard. Before installing: (1) only use a token scoped to the minimum services/permissions needed and be ready to revoke/rotate it; (2) ensure CLAWVISOR_URL points to a trusted instance you control or trust (a third‑party relay can act on your behalf); (3) protect ~/.claude/settings.json (don't make it world-readable) or use a secure secret store; (4) enable approval policies (require_approval for writes/deletes) and keep auto_execute limited to read-only actions; (5) require E2E encryption when using a cloud relay; and (6) monitor audit logs and notifications for unexpected actions. If you cannot limit the token or control the Clawvisor instance, treat the token as equivalent to giving the skill direct API access and proceed with caution.Like a lobster shell, security has layers — review code before you run it.
latestvk974e0y6nbzrqe27kbnbnxs66584ynhg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔐 Clawdis
EnvCLAWVISOR_URL, CLAWVISOR_AGENT_TOKEN, OPENCLAW_HOOKS_URL
Primary envCLAWVISOR_AGENT_TOKEN