ClawHub

logicx-skill-test

Call LogicX frontend proxy APIs for health checks, browser binding, password login, user info, orders, payments, and account actions.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 73 · 0 current installs · 0 all-time installs
byEvan Yang@QihangYang
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the implemented behavior: two bash scripts that call LogicX frontend proxy endpoints via curl. Required binaries (curl, bash) are appropriate. Everything requested and present (scripts, examples, API reference) aligns with a client/agent integration for LogicX.
Instruction Scope
SKILL.md is specific: it confines calls to /api/proxy/* or /api/health, requires confirmation before mutating calls, and instructs use of the provided scripts only. The scripts implement the documented flows (browser binding, password fallback). Notable behavior: the scripts auto-save and load link state and user_token to/from ~/.config/logicx/skill-state.json and will export LOGICX_USER_TOKEN when the script runs; the skill instructs not to echo tokens and the scripts do not print tokens explicitly, but token persistence and use are active and worth noticing.
Install Mechanism
No install/download step is specified (instruction-only plus included scripts). There is no network fetch/installation at runtime beyond contacting the LogicX API. This represents a low install risk.
Credentials
The skill requests no declared environment variables but uses sensible defaults (LOGICX_BASE_URL, LOGICX_AGENT_SERVICE_KEY=openclaw-public) and requires LOGICX_USER_TOKEN for user-scoped calls (it will load this from the local state file if not set). This is proportionate to the described functionality, but the default LOGICX_BASE_URL is a raw IP (http://43.139.104.95:8070) rather than an official domain — you should verify the legitimacy of that host before using the skill.
Persistence & Privilege
The skill persists state (link_code, install_id, user_token) to a file in the user's home (~/.config/logicx/skill-state.json) with 600 permissions. always:false and no system-wide modifications are present. Persisting a user token locally is expected for this auth flow but increases local persistence surface that you may want to manage (inspect, delete, revoke) yourself.
Assessment
This skill appears to do what it says: it uses the included bash scripts to call only the frontend proxy endpoints and stores a user token locally for authenticated calls. Before installing or using it, verify that the base URL/IP (http://43.139.104.95:8070) and the skill's publisher are trustworthy. Prefer the browser-binding flow (do not paste your password into chat unless you explicitly choose the password login fallback). Be aware the skill will create ~/.config/logicx/skill-state.json containing link state or a user_token (file permissions are set to 600). If you stop using the skill, remove that file and/or revoke the token in your LogicX account. If you need stronger assurance, run the scripts in an isolated environment or ask the publisher for an official domain and provenance.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.0.8
Download zip
latestvk97easmps5mnekhqe87pby97x5836jdq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔗 Clawdis
Binscurl, bash

SKILL.md

LogicX Skill

Interact with the LogicX platform on behalf of the user. All API calls go through the frontend proxy (/api/proxy/*). Use scripts/logicx_api.sh for every request — never write ad-hoc curl commands.

Rules

  • Only call /api/proxy/* (or /api/health). Never call backend /v1/* directly.
  • Default to browser binding. Only ask for email and password if the user explicitly chooses password login.
  • Confirm before any mutating call: payment/create, payment/cancel, auth/change-password, agent/unlink.
  • Never echo LOGICX_AGENT_SERVICE_KEY or LOGICX_USER_TOKEN in full.
  • Never infer binding, membership, order, or payment state — report API responses only.
  • Summarize results in natural language unless the user asks for raw JSON.

Auth

No user token required:

  • GET /api/health
  • POST agent/link/start
  • POST agent/link/status
  • POST agent/auth/login

All other calls require both headers:

Authorization: Bearer <LOGICX_AGENT_SERVICE_KEY>
X-LogicX-User-Token: <LOGICX_USER_TOKEN>

The script handles headers automatically. Built-in defaults: LOGICX_BASE_URL=http://43.139.104.95:8070, LOGICX_AGENT_SERVICE_KEY=openclaw-public.

Default Flow

  1. If connectivity is uncertain, run GET /api/health.
  2. If a user token is needed and none exists, start browser binding (see below).
  3. After login, verify with GET user/.
  4. Run the requested action.

Login: Browser Binding (Default)

{baseDir}/scripts/logicx_api.sh POST agent/link/start '{"install_id":"openclaw-main"}'

The script auto-saves link_code and install_id to ~/.config/logicx/skill-state.json.

Reply to the user:

你可以点击以下链接登录并完成授权:

<login_url>

登录完成后请回来告诉我一声,比如直接回复"我登录好了"。

如果你不想跳转浏览器,也可以直接把用户名和密码告诉我,我可以直接帮你登录。

When the user says they have finished, run:

{baseDir}/scripts/check_link_status.sh

Interpret the response:

  • pending — browser authorization not complete yet; ask the user to confirm and try again
  • expired — ask whether to restart binding
  • confirmed — token saved automatically; verify with GET user/

If the script fails with "No bind state found", restart with agent/link/start.

Login: Password (Fallback)

Only when the user explicitly chooses not to use the browser flow.

{baseDir}/scripts/logicx_api.sh POST agent/auth/login \
  '{"email":"user@example.com","password":"secret","install_id":"openclaw-main"}'

Rate limit: 5 attempts per 15 minutes per IP + email. On 429, tell the user to wait before retrying.

After success, verify:

{baseDir}/scripts/logicx_api.sh GET user/

Common Calls

# Health
{baseDir}/scripts/logicx_api.sh GET /api/health

# Account
{baseDir}/scripts/logicx_api.sh GET user/

# Orders
{baseDir}/scripts/logicx_api.sh GET payment/orders
{baseDir}/scripts/logicx_api.sh GET payment/orders/ORDER_NO

# Payment (confirm before calling)
{baseDir}/scripts/logicx_api.sh POST payment/create '{"plan":"pro_monthly","gateway":"mock"}'
{baseDir}/scripts/logicx_api.sh POST payment/cancel '{"orderNo":"ORDER_NO"}'

# Password change (confirm before calling)
{baseDir}/scripts/logicx_api.sh POST auth/change-password '{"currentPassword":"old","newPassword":"new-min-8"}'

# Unlink device (confirm before calling)
{baseDir}/scripts/logicx_api.sh POST agent/unlink '{"install_id":"INSTALL_ID"}'

Error Handling

  • Agent service key required / Unauthorized — the backend may not have enabled the public key yet; ask the user to try again later or contact LogicX support
  • 429 on login — rate limit hit; wait 15 minutes
  • Auth failure on user-scoped calls — clear the saved token and restart binding

References

  • references/api-reference.md — full endpoint specs
  • examples.md — example dialogues

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…