Ruby On Rails Gateway

v1.0.0

Configure and operate a Ruby On Rails Agent Gateway integration from the OpenClaw side for briefing pull workflows. Use when setting up OpenClaw to read app...

by Jesse Waites (@jessewaites)
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
[!] Purpose & Capability
The skill's purpose (Rails Agent Gateway briefing pulls) matches the actions described in SKILL.md (curl/helper script + bearer token + path secret). However, the registry metadata lists no required environment variables or config paths, while SKILL.md explicitly requires AGENT_GATEWAY_TOKEN and AGENT_GATEWAY_SECRET (and optionally RAILS_GATEWAY_URL/RAILS_GATEWAY_TOKEN). The missing declarations are an inconsistency: the skill needs secrets even though the metadata claims none.
[!] Instruction Scope
The instructions direct the agent to perform network fetches against a user-provided Rails endpoint and to run a local helper script at /home/node/.openclaw/workspace/scripts/rails-gateway-briefing when present. The SKILL.md asks to read environment variables and to show exact export commands if env vars are missing. These behaviors are consistent with the stated purpose but reference a specific filesystem path and expect sensitive env vars, neither of which is declared in the registry metadata. The guidance to 'show exact export commands' could lead to accidentally revealing secrets if not handled carefully.
Install Mechanism
No install spec or bundled code is present (instruction-only), which reduces supply-chain risk. However the skill assumes an external Ruby gem is mounted on the Rails app and optionally a helper script exists in the agent workspace; those artifacts are not provided by the skill and must be verified/trusted separately.
[!] Credentials
Requesting a bearer token (AGENT_GATEWAY_TOKEN) and a path secret (AGENT_GATEWAY_SECRET) is proportionate to the skill's function, but the registry metadata does not declare these required env vars. The omission means users may not realize they must supply sensitive credentials. The skill also mentions RAILS_GATEWAY_URL/RAILS_GATEWAY_TOKEN as alternatives — multiple secret-bearing variables increase risk if not documented and handled properly.
Persistence & Privilege
The skill does not request persistent/always-on inclusion and does not modify other skills or global agent settings. It operates at runtime and, as written, performs read-only pulls unless the user explicitly requests write actions.
What to consider before installing
This skill appears to do what it says (pull read-only briefing data from a Rails '/agent-gateway/.../briefing' endpoint), but the SKILL.md requires sensitive env vars (AGENT_GATEWAY_TOKEN, AGENT_GATEWAY_SECRET) and references a local helper script while the registry metadata lists none. Before installing:

  1. Verify you actually need to provide the bearer token and path secret and that you understand where they'll be stored; prefer using a scoped, read-only token and rotate it frequently.
  2. Confirm the helper script path (/home/node/.openclaw/workspace/scripts/rails-gateway-briefing) and its contents — do not run or trust scripts you haven't inspected.
  3. Be cautious when the skill asks to 'show exact export commands' — never paste secrets into public chat or logs; provide values via secure secrets management.
  4. Ensure the target RAILS_GATEWAY_URL is your known app (no unexpected third-party endpoints).
  5. If metadata/packaging doesn't declare required env vars, ask the publisher for an updated manifest that explicitly lists needed credentials and any filesystem accesses; if you can't verify those, treat the skill as higher risk.

MIT-0

Rails Agent Gateway

This skill works in tandem with the agent_gateway Ruby gem, a mountable Rails engine that must be installed and configured on the Rails side (gem "agent_gateway" + initializer). This skill handles the OpenClaw-side setup and usage for pulling data from that endpoint.

Quick Workflow

  1. Confirm required env vars are available.
  2. Validate endpoint connectivity with a non-destructive briefing fetch.
  3. Pull briefing data for a selected period/resources.
  4. Summarize result counts, aggregations, and latest records.
  5. If requested, prepare commands suitable for cron/automation.

Required Environment

Require these variables before any live fetch:

  • AGENT_GATEWAY_TOKEN (bearer token — set in the Rails app initializer as c.auth_token)
  • AGENT_GATEWAY_SECRET (path secret — set as c.path_secret)

The OpenClaw helper script may also read:

  • RAILS_GATEWAY_URL (full /briefing URL, e.g. https://myapp.com/agent-gateway/<secret>/briefing)
  • RAILS_GATEWAY_TOKEN (maps to bearer token)

If env vars are missing, stop and show the exact export commands needed.

Authentication

The gem uses two-layer auth:

  1. Path secret — embedded in the URL (/agent-gateway/<secret>/briefing). Wrong value returns 404 (endpoint appears nonexistent).
  2. Bearer token — sent via Authorization header. Wrong/missing value returns 401.

Both are compared using timing-safe secure_compare.

Command Patterns

Direct curl

curl -H "Authorization: Bearer $AGENT_GATEWAY_TOKEN" \
  "https://myapp.com/agent-gateway/$AGENT_GATEWAY_SECRET/briefing?period=7d&resources=users,orders"

Helper script

Prefer the local helper script when present:

/home/node/.openclaw/workspace/scripts/rails-gateway-briefing --period 7d

With explicit env vars:

RAILS_GATEWAY_URL='https://myapp.com/agent-gateway/<secret>/briefing' \
RAILS_GATEWAY_TOKEN='***' \
/home/node/.openclaw/workspace/scripts/rails-gateway-briefing --period 7d --resources users,orders

Query Parameters

Param      Description                                Example
period     Time window: 1d, 7d, 30d, 90d, 1y, all     ?period=30d
resources  Comma-separated resource keys              ?resources=users,orders
latest     Override latest count for all resources    ?latest=10

Resource-Scoped Pulls

Resources are configured per-app via the gem's DSL. Common examples:

  • --resources users
  • --resources orders

Use --latest N to cap detailed rows while keeping counts.

The gem DSL also supports aggregations (count, sum, avg) on numeric columns — these appear in the response alongside count and latest.

Safety Rules

  • Never print or echo live tokens in user-visible output.
  • Redact secrets in pasted commands.
  • Do not perform external write actions unless explicitly asked.
  • Keep pulls read-only (briefing endpoint usage only).

Troubleshooting

If calls fail:

  1. Confirm helper script exists and is executable.
  2. Confirm endpoint URL includes /agent-gateway/<secret>/briefing.
  3. Confirm bearer token is current (AGENT_GATEWAY_TOKEN).
  4. Check two-layer auth: 404 = bad path secret, 401 = bad bearer token.
  5. Retry with minimal scope (--resources users --period 7d --latest 1).
  6. Report exact error class (auth/network/format), then propose a fix.

For reusable command snippets and output interpretation, read references/usage.md.
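
The env-var check, the redaction rule and the 404/401 triage described above, combined into one added shell example (not the skill's helper script and not code from the agent_gateway gem). The function names and the --probe flag are hypothetical; the variable names, URL shape and status meanings are the ones stated on this page.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of the skill.

# Print export templates for unset required variables: placeholders only, never values.
missing_env() {
  for v in AGENT_GATEWAY_TOKEN AGENT_GATEWAY_SECRET; do
    eval "val=\${$v:-}"
    [ -n "$val" ] || printf "export %s='<value>'\n" "$v"
    unset val
  done
}

# Mask the path secret before a URL is shown to the user or written to a log.
redact_url() {
  printf '%s\n' "$1" | sed -E 's#(/agent-gateway/)[^/?]+#\1<secret>#'
}

# Map curl's exit code and the HTTP status to an error class.
classify() {  # $1 = curl exit code, $2 = HTTP status
  if [ "$1" -ne 0 ]; then echo "network: curl exit $1"; return 0; fi
  case "$2" in
    200) echo "ok" ;;
    404) echo "auth: bad path secret (404)" ;;
    401) echo "auth: bad bearer token (401)" ;;
    *)   echo "unexpected: HTTP $2" ;;
  esac
}

# Minimal-scope probe. URL and header reach curl as a config on stdin, so
# neither secret appears in curl's argument list.
probe() {  # $1 = app base URL (assumed form: https://myapp.com)
  url="$1/agent-gateway/$AGENT_GATEWAY_SECRET/briefing?period=7d&resources=users&latest=1"
  rc=0
  status=$(printf 'url = "%s"\nheader = "Authorization: Bearer %s"\n' \
             "$url" "$AGENT_GATEWAY_TOKEN" |
           curl -sS -K - -o /dev/null -w '%{http_code}' --max-time 15 2>/dev/null) || rc=$?
  printf '%s -> %s\n' "$(redact_url "$url")" "$(classify "$rc" "$status")"
}

# Runs only when invoked as: sh <this file> --probe https://myapp.com
if [ "${1:-}" = "--probe" ]; then
  need=$(missing_env)
  if [ -n "$need" ]; then printf '%s\n' "$need"; exit 1; fi
  probe "$2"
fi
```

The probe discards the response body, so it covers the auth and network classes only; a format check on the returned JSON is a separate step.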
