graineai

v1.0.1

Manage voice agents, place and transfer calls, handle telephony events, and retrieve call records using the NoddyAI API at graine.ai.

⭐ 0· 124·0 current·0 all-time

byRishabh Bhanot@rishabh171998

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for rishabh171998/graineai.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "graineai" (rishabh171998/graineai) from ClawHub.
Skill page: https://clawhub.ai/rishabh171998/graineai
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install graineai

ClawHub CLI

Package manager switcher

npx clawhub@latest install graineai

Security Scan

VirusTotal

Pending

View report →

OpenClaw

Benign

high confidence

ℹ

Purpose & Capability

The skill claims to manage voice agents and telephony on graine.ai and all documented endpoints match that purpose. One minor inconsistency: SKILL.md explicitly requires a Graine/NoddyAI API key (gat_...) and an org_id, but the registry metadata lists no required env vars — the documentation asks the host to supply secrets, yet those secrets are not declared in the skill metadata.

✓

Instruction Scope

SKILL.md and the example files limit actions to constructing HTTP calls to https://api.graine.ai, handling call-related resources, and instruct users to obtain explicit consent for high-impact actions (outbound calls, transfers, deletes). There are no instructions to read unrelated files, probe other services, or exfiltrate data.

✓

Install Mechanism

No install spec or code is included — this is instruction-only markdown, so nothing is written to disk or executed by an installer.

ℹ

Credentials

Requesting an API key (gat_...) and org_id is proportionate to telephony/agent management. The skill appropriately asks the host to provide these secrets rather than embedding them. However, those required credentials are not reflected in the registry's required-env metadata, which may cause confusion during install/configuration.

✓

Persistence & Privilege

The skill is not force-included (always: false) and does not request system-wide persistence or access to other skills' configs. The default ability for the agent to invoke the skill autonomously is enabled, but SKILL.md emphasizes explicit user confirmation for high-impact actions.

Assessment

This package is documentation-only and appears to be what it claims: a reference for calling graine.ai/NoddyAI APIs. Before installing or enabling it, verify the following: 1) The host/workspace must supply your Graine API key (gat_...) and org_id securely — confirm where those secrets are stored and who/what can access them, since the skill metadata did not declare them. 2) Understand billing/telephony implications: outbound or batch calls may incur costs and legal requirements (consent, local regulations). 3) Confirm webhook URLs before you PATCH/POST them — they may receive recordings/transcripts with PII; use HTTPS and endpoints you control. 4) Some example agent configurations reference third-party providers (Deepgram, ElevenLabs, OpenAI, Azure, etc.); enabling those integrations will require separate credentials for those services. 5) Although the skill instructs to ask for explicit user confirmation for risky actions, make sure your agent/host enforces that prompt and does not auto-execute high-impact operations without user approval. If you want stronger hygiene, ask the author to update registry metadata to declare required env variables (API key, org_id) so host/tooling can surface configuration errors up front.

Like a lobster shell, security has layers — review code before you run it.

latestvk978wwvq3fhph7eh0btsn391w983xrsz

124downloads

0stars

2versions

Updated 4w ago

v1.0.1

MIT-0

NoddyAI API Skill

Call the NoddyAI platform API (graine.ai) to manage voice agents, place calls, handle telephony, and retrieve call records.

Security, credentials, and user consent (read first)

No secrets ship in this skill. This package is documentation only (markdown files). It does not contain API keys, tokens, passwords, or org_id values. Operators must supply credentials via the host (OpenClaw secrets, environment variables, or your workspace's approved credential store - see host documentation). The model must use Authorization: Bearer only with a key the user or runtime already configured, never invent or embed credentials in skill text.

Declare required configuration to the user. Before any API call, ensure a Graine/NoddyAI API key (prefix gat_) and an organization- id are available from configuration; if missing, ask the user to add them - do not proceed with placeholder secrets.

Confirm before high-impact actions. Obtain explicit user confirmation before: placing outbound or batch calls, transferring live calls, revoking API tokens, deleting agents, or changing inbound webhook URLs. Summarize the exact numbers, agent IDs, or URLs affected.

What “save IDs” means. Retain call_sid, agent IDs, and similar values only in the current task/session so follow-up calls (e.g. GET call status) work. Do not send credentials or tokens to third parties; do not store identifiers beyond what the user expects for the active workflow.

Webhooks. webhook_url and inbound webhook fields send events to URLs the user provides. They must verify those endpoints are under their control before PATCH/POST that set webhooks.

ClawHub / OpenClaw notes

This skill describes HTTP calls to https://api.graine.ai. It does not require a local openclaw run command (many CLI versions have no run - use openclaw --help).
Test locally with curl or any HTTP client; see README.md for CLI troubleshooting and ClawHub publish tips (slug conflicts, network status codes).

Setup

Credential source (not in repo): API key and org id come from user/host configuration only.

All requests require:

Base URL: https://api.graine.ai (fixed; no other base URLs for this skill)
Auth header: Authorization: Bearer <API_KEY> - key prefix gat_, supplied by the user or secret store
org_id: organization ID (format organization-XXXX), supplied by the user or secret store

Refer to endpoints.md for the full endpoint reference and examples.md for ready-to-use request bodies.

How to use this skill

When the user asks you to interact with NoddyAI, identify which operation they need from the list below and construct the HTTP request using the details in endpoints.md.

Operations available

#	Operation	Method	Path
1	Validate API token	GET	`/api/v1/api-tokens/validate-token`
2	List API tokens	GET	`/api/v1/api-tokens/list-tokens`
3	Revoke API token	DELETE	`/api/v1/api-tokens/revoke-token/{token}`
4	Create voice agent	POST	`/api/v1/agents`
5	Get agent (runtime format)	GET	`/api/v1/agents/{agent_id}`
6	List agents	GET	`/api/v1/agents`
7	Update agent voice/synthesizer	PATCH	`/api/v1/agents/{agent_id}`
8	Update agent system prompt	PATCH	`/api/v1/agents/{agent_id}`
9	Add API tool/skill to agent	PATCH	`/api/v1/agents/{agent_id}`
10	Delete agent	DELETE	`/api/v1/agents/{agent_id}`
11	Make outbound call	POST	`/api/v1/telephony/call`
12	Get call status	GET	`/api/v1/telephony/call/{call_sid}`
13	Transfer call (human handoff)	POST	`/api/v1/telephony/transfer`
14	Create inbound agent	POST	`/api/v1/telephony/inbound-agents`
15	Update inbound webhook URLs	PATCH	`/api/v1/telephony/inbound-agents/webhooks`
16	Submit batch call	POST	`/api/v1/batch/calls`
17	Upload CSV batch	POST	`/api/v1/batch/upload`
18	List call records	GET	`/api/v1/calls`
19	Get single call record	GET	`/api/v1/calls/{call_sid}`

Response behavior

Always show the HTTP status and response body to the user (redact full Bearer tokens if echoing headers).
For call_sid values returned from telephony, keep them in this conversation for follow-up status checks only.
For agent IDs from create operations, keep them in this conversation for follow-up PATCH/DELETE only.
Webhook payload shapes are in webhooks.md - use when the user builds or debugs their own webhook servers.

Comments

Loading comments...