ClawHub

OpenClaw Documentation Expert — Live Fetch

v1.4.0

Fetches live from docs.openclaw.ai on every question. 395 pages indexed, working scripts (not echo placeholders), CI-style selftest for decision-tree rot, wo...

0· 28·0 current·0 all-time
by@igornumeriano
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match implementation. The skill only needs curl and the provided scripts to fetch pages, search the index, verify freshness, and run a self-test; these are proportional to a live-docs fetcher.
Instruction Scope
Runtime instructions limit network I/O to docs.openclaw.ai and to local script operations. The only local write is scripts/record_miss.sh which appends routing misses (timestamp, question, path) to ~/.openclaw/openclaw-docs/misses.md. selftest.sh reads the shipped SKILL.md and EXAMPLES.md to validate referenced doc paths. No instructions or scripts read arbitrary system files, environment secrets, or contact other external endpoints.
Install Mechanism
No install spec; scripts are included in the skill bundle (small bash scripts). No downloads from third-party or shortener URLs and no archives are extracted. Risk from installation is low.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. That aligns with its function of fetching public docs and local logging.
Persistence & Privilege
always:false (no forced/global inclusion). The skill will create and append to a local file under the user's home (~/.openclaw/openclaw-docs/misses.md) for routing misses; this is limited local persistence and does not modify other skills or system-wide settings. The skill can be invoked autonomously (disable-model-invocation:false) which is the platform default — no additional privilege requested.
Assessment
What to consider before installing: - The skill performs live HTTP fetches only to docs.openclaw.ai (llms.txt, llms-full.txt, and <page>.md). If you need a strict offline or limited-network environment, block or review network access. - It records routing misses (timestamp | question | fetched path) to ~/.openclaw/openclaw-docs/misses.md. That file lives on the local filesystem; if you are concerned about storing copies of user queries, inspect or relocate that behavior before use. - The included scripts are short, readable Bash using curl/grep/sed; review them yourself if you want to be extra cautious. selftest.sh will make many HEAD/GET requests when run (CI-style), which can be noisy or rate-limited by the docs host. - No credentials or secrets are requested, and the skill does not contact unknown external endpoints — a good sign. If you combine this skill with other skills that do request credentials or that can access arbitrary files, re-evaluate combined risk. - Overall this appears coherent and proportional to its stated purpose; install if you trust docs.openclaw.ai and are comfortable with the local misses log and occasional verification traffic.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ettq2vwm43948867jdtja8184q6pc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦞 Clawdis
Binscurl

Comments