Pulse Skills

v1.0.0

Use this skill when the user wants to share their AI agent with others, sync files/context to Pulse, search/read/create/edit notes, create shareable agent li...

⭐ 0· 82·0 current·0 all-time

byAwassi@xisen-w

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for xisen-w/pulse-skills.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Pulse Skills" (xisen-w/pulse-skills) from ClawHub.
Skill page: https://clawhub.ai/xisen-w/pulse-skills
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pulse-skills

ClawHub CLI

Package manager switcher

npx clawhub@latest install pulse-skills

Security Scan

Capability signals

CryptoRequires OAuth tokenRequires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

high confidence

Purpose & Capability

The skill's name and SKILL.md describe a sync/share agent (Pulse/Aicoo) which legitimately requires an API key and network access to https://www.aicoo.io. However the registry metadata declares no required environment variables and no primary credential, which contradicts the SKILL.md, README, and scripts that repeatedly require PULSE_API_KEY. That omission in metadata is an incoherence that affects trust and install-time prompts.

ℹ

Instruction Scope

Runtime instructions (root SKILL.md and per-module SKILL.md) direct the agent or user to read local files and git history, build payloads, and POST them to Pulse endpoints (e.g., /accumulate, /os/notes). This is consistent with a context-sync/share skill, but it explicitly performs local file reads and network uploads — users should expect their markdown/docs/git summaries to be transmitted to the remote Aicoo API when enabled. Hooks inject a virtual reminder file into agent bootstraps (OpenClaw handler) and cron/hooks/scripts run periodic syncs: all within the described purpose.

ℹ

Install Mechanism

No formal install spec is provided (instruction-only in registry), which is lower-risk by itself. The repo nevertheless contains many scripts, hooks, and files users are instructed to clone or copy into agent runtimes. There are no opaque external download URLs in an installer, but the README suggests cloning or using npx to add the repo — installing the repo will put scripts/hooks on disk that, if enabled, will run and perform network calls.

Credentials

The code and docs require PULSE_API_KEY and optionally PULSE_BASE and several PULSE_* settings (PULSE_BRIEF_TIME_DURATION, PULSE_BRIEF_SAVE_NOTE, etc.), and the scripts depend on curl, jq, git and filesystem access. Yet the registry metadata lists no required env vars and no primary credential and claims no required binaries. This is a substantive mismatch: the skill needs a credential that grants access to user data and a remote API, but that is not declared in the manifest.

✓

Persistence & Privilege

The skill does not request 'always: true' or other privileged persistent inclusion. Hooks and cron scripts are present and described; they modify or inject files into the agent's session (e.g., push a PULSE_SYNC_REMINDER.md into bootstrapFiles) but do not attempt to change other skills' configurations or escalate privileges. Autonomous invocation is enabled by default (normal for skills) and not a unique additional concern here.

What to consider before installing

This repo appears to implement a legitimate Pulse/Aicoo sync-and-share skill, but the manifest/registry data is inconsistent with the code and docs. Before installing or enabling it: 1) Verify the skill's source (homepage and repo are missing) and confirm https://www.aicoo.io is the expected service. 2) Treat PULSE_API_KEY as sensitive — the scripts will upload local files, git summaries, and notes to the remote API. Consider using a limited-scope or test API key first. 3) Expect to need curl, jq, and git on the host; the registry claim of 'no binaries required' is incorrect. 4) Inspect and optionally sandbox the cron/hooks (pulse-sync.sh, daily-brief-cron.sh, inbox-monitor-cron.sh, pulse-activator.sh, sync-detector.sh) so they only touch directories you intend to share. 5) If you only need a subset of functionality, install only the specific sub-skill modules instead of the umbrella to reduce attack surface. 6) If the registry/marketplace listing omitted PULSE_API_KEY on purpose, ask the publisher to correct the metadata before trusting automatic installs.

Like a lobster shell, security has layers — review code before you run it.

latestvk976psexndqmcn91ajzxsa9rss859bcz

82downloads

0stars

1versions

Updated 6d ago

v1.0.0

MIT-0

Aicoo Skills — Share Your AI Agent

Hero
Aicoo is your AI COO.

Sub
Powered by Pulse Protocol, Aicoo coordinates your agents with other agents — securely, efficiently, across boundaries.

Brand and compatibility model:

Product + app brand: Aicoo
Coordination layer: Pulse Protocol
Root skill compatibility ID remains pulse

Breaking Change (2026-04-16)

API model is now split:

Pulse OS layer (/api/v1/os/*): notes, folders, snapshots, memory, todos, network, share
Tools layer (/api/v1/tools): non-OS tools only (calendar, email, web, messaging, quality, MCP)

GET /api/v1/tools now returns namespace (not category).

Setup

Required: PULSE_API_KEY environment variable.

Generate at: https://www.aicoo.io/settings/api-keys
API docs: https://www.aicoo.io/docs/api

Format: pulse_sk_live_xxxxxxxx (prod) or pulse_sk_test_xxxxxxxx (dev)

Base URL: https://www.aicoo.io/api/v1

Auth header:

Authorization: Bearer $PULSE_API_KEY

Capability 1: Pulse OS API (workspace-native)

Discover OS endpoints

curl -s "$PULSE_BASE/os" \
  -H "Authorization: Bearer $PULSE_API_KEY" | jq .

Browse workspace (ls -> ls -la -> cat)

# ls
curl -s "$PULSE_BASE/os/folders" \
  -H "Authorization: Bearer $PULSE_API_KEY" | jq .

# ls -la
curl -s "$PULSE_BASE/os/notes?folderId=5&limit=20" \
  -H "Authorization: Bearer $PULSE_API_KEY" | jq .

# cat
curl -s "$PULSE_BASE/os/notes/42" \
  -H "Authorization: Bearer $PULSE_API_KEY" | jq .

Search, grep, create, edit, move, copy notes

# semantic search
curl -s -X POST "$PULSE_BASE/os/notes/search" \
  -H "Authorization: Bearer $PULSE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"query":"investor pitch"}' | jq .

# deterministic grep-style search (regex/literal + line context)
curl -s -X POST "$PULSE_BASE/os/notes/grep" \
  -H "Authorization: Bearer $PULSE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"pattern":"titleKey|title_key","mode":"regex","caseSensitive":false,"contextBefore":5,"contextAfter":5}' | jq .

# create
curl -s -X POST "$PULSE_BASE/os/notes" \
  -H "Authorization: Bearer $PULSE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"title":"Project Roadmap","content":"# Q2 Plan\n\n..."}' | jq .

# edit
curl -s -X PATCH "$PULSE_BASE/os/notes/42" \
  -H "Authorization: Bearer $PULSE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"title":"Project Roadmap (Updated)","content":"# Updated\n\n..."}' | jq .

# move (mv)
curl -s -X POST "$PULSE_BASE/os/notes/42/move" \
  -H "Authorization: Bearer $PULSE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"folderName":"Technical"}' | jq .

# copy (cp)
curl -s -X POST "$PULSE_BASE/os/notes/42/copy" \
  -H "Authorization: Bearer $PULSE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"folderName":"Archive","title":"Roadmap Snapshot Copy"}' | jq .

Snapshots

# save snapshot
curl -s -X POST "$PULSE_BASE/os/snapshots/42" \
  -H "Authorization: Bearer $PULSE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"label":"Before update"}' | jq .

# list snapshots
curl -s "$PULSE_BASE/os/snapshots/42" \
  -H "Authorization: Bearer $PULSE_API_KEY" | jq .

# restore
curl -s -X POST "$PULSE_BASE/os/snapshots/42/restore" \
  -H "Authorization: Bearer $PULSE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"versionId":7}' | jq .

Network + share

# list links, visitors, contacts
curl -s "$PULSE_BASE/os/network" \
  -H "Authorization: Bearer $PULSE_API_KEY" | jq .

# create share link
curl -s -X POST "$PULSE_BASE/os/share" \
  -H "Authorization: Bearer $PULSE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"scope":"all","access":"read","notesAccess":"read","label":"For investors","expiresIn":"7d"}' | jq .

Todos (OS-native)

# search/list
curl -s "$PULSE_BASE/os/todos?limit=20&completed=false" \
  -H "Authorization: Bearer $PULSE_API_KEY" | jq .

# create
curl -s -X POST "$PULSE_BASE/os/todos" \
  -H "Authorization: Bearer $PULSE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"title":"Prepare investor packet","priority":1}' | jq .

Capability 2: Tools API (non-OS skills)

Use /tools for integrations and non-OS skills.

# discover tools
curl -s "$PULSE_BASE/tools" \
  -H "Authorization: Bearer $PULSE_API_KEY" | jq .

# execute a tool
curl -s -X POST "$PULSE_BASE/tools" \
  -H "Authorization: Bearer $PULSE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"tool":"search_calendar_events","params":{"query":"standup","timeRange":"today"}}' | jq .

Catalog fields:

name: executable tool id
namespace: logical domain (calendar, email, github, notion, ...)
source: provider (native, mcp, composio)
readWrite: access class (read/write)

Native namespaces

Namespace	Example tools
`calendar`	`search_calendar_events`, `schedule_meeting`
`email`	`search_emails`, `send_email`
`web`	`web_search`, `read_url`
`messaging`	`search_pulse_contact`, `send_message_to_human`
`quality`	`refine_content`, `verify_uniqueness`

MCP servers appear in catalog with source: "mcp" and namespace set to server name (github, notion, etc.).

Integrations health + auth actions

# unified OAuth + MCP health surface
curl -s "$PULSE_BASE/tools/integrations" \
  -H "Authorization: Bearer $PULSE_API_KEY" | jq .

# disconnect OAuth integration by id
curl -s -X DELETE "$PULSE_BASE/tools/integrations/{id}" \
  -H "Authorization: Bearer $PULSE_API_KEY" | jq .

# disconnect MCP OAuth binding by server id
curl -s -X POST "$PULSE_BASE/tools/mcp/{id}/disconnect" \
  -H "Authorization: Bearer $PULSE_API_KEY" | jq .

/tools/integrations status enum is unified across OAuth + MCP:

connected
needs_reauth
disconnected
error

No tokens are returned by this endpoint. Use it as the first health check.

MCP server lifecycle runbook (/tools/mcp)

# list MCP servers
curl -s "$PULSE_BASE/tools/mcp" \
  -H "Authorization: Bearer $PULSE_API_KEY" | jq .

# add MCP server
curl -s -X POST "$PULSE_BASE/tools/mcp" \
  -H "Authorization: Bearer $PULSE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name":"Notion MCP","serverUrl":"https://<notion-mcp-server-url>","config":{}}' | jq .

# start OAuth (returns authorizeUrl)
curl -s -X POST "$PULSE_BASE/tools/mcp/{id}/authorize" \
  -H "Authorization: Bearer $PULSE_API_KEY" | jq .

# refresh health + discover tools after OAuth
curl -s -X POST "$PULSE_BASE/tools/mcp/{id}/refresh" \
  -H "Authorization: Bearer $PULSE_API_KEY" | jq .

Reusable setup assets:

assets/integrations/verified-mcps.md
assets/integrations/notion-mcp.template.json

Capability 3: Context Sync (bulk)

Use /accumulate for multi-file sync.

curl -s -X POST "$PULSE_BASE/accumulate" \
  -H "Authorization: Bearer $PULSE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "files": [
      {"path": "Technical/architecture.md", "content": "# Architecture\n\n..."},
      {"path": "General/about-me.md", "content": "# About Me\n\n..."}
    ]
  }' | jq .

Capability 4: Identity Files

Identity files in memory/self/ shape runtime behavior:

memory/self/COO.md
memory/self/USER.md
memory/self/POLICY.md

Upload via /accumulate and keep them versioned like any other knowledge file.

Capability 5: Autonomous Updates

After substantive conversations:

Search: POST /os/notes/search
Precise grep (regex/literal + context): POST /os/notes/grep
Snapshot: POST /os/snapshots/{noteId}
Edit/create: PATCH /os/notes/{id} or POST /os/notes
Reorganize by move/copy: POST /os/notes/{id}/move, POST /os/notes/{id}/copy
Bulk sync docs with POST /accumulate

Claude Code loop example

/loop 30m sync key decisions and updates to Aicoo: search existing notes first, snapshot before major edits, then patch or create notes.

Claude Code routine example

/routine auto-sync every weekday at 18:00: search overlap, snapshot before major edits, then patch/create notes and report a concise change log.

Capability 6: Talk to Another Agent

Pulse supports two channels plus handshake/bridge:

/v1/agent/message
- to: "alice" -> human inbox
- to: "alice_coo" -> agent RPC
Share-link guest channel: /api/chat/guest-v04
Access handshake: /v1/network/request, /v1/network/requests, /v1/network/accept
Link bridge: /v1/network/connect

Capability 7: Daily Brief

Use briefing endpoints for executive planning:

POST /v1/briefing
POST /v1/briefing/strategies
POST /v1/briefing/matrix
GET /v1/briefings

Claude Code

/loop 24h generate daily brief with /v1/briefing + strategies + matrix, then return top 3 actions.
/routine daily-brief every weekday at 08:30: run briefing pipeline and publish concise summary.

OpenClaw / cron

30 8 * * 1-5 /path/to/pulse-skills/scripts/daily-brief-cron.sh >> /tmp/pulse-daily-brief.log 2>&1

Capability 8: Inbox Monitoring

Monitor incoming activity via:

GET /v1/conversations?view=all
GET /v1/network/requests
optional: GET /v1/os/network

Claude Code

/loop 15m monitor inbox via /v1/conversations + /v1/network/requests and report only new urgent items.
/routine inbox-monitor every 15 minutes: summarize new inbound messages and pending requests.

OpenClaw / cron

*/15 * * * * /path/to/pulse-skills/scripts/inbox-monitor-cron.sh >> /tmp/pulse-inbox-monitor.log 2>&1

Security Rules

Never expose PULSE_API_KEY
Shared links are sandboxed by scope + permissions
Revoked or expired links lose access immediately
Use snapshots before destructive edits
Validate scope before sending a link externally

Quick Reference

Endpoint	Method	Purpose
`/init`	POST	Initialize workspace
`/os/status`	GET	Workspace summary
`/os/folders`	GET/POST	List/create folders
`/os`	GET	Discover OS endpoints
`/os/notes`	GET/POST	List/create notes
`/os/notes/{id}`	GET/PATCH	Read/edit note
`/os/notes/search`	POST	Semantic search notes
`/os/notes/grep`	POST	Deterministic grep search with line context
`/os/notes/{id}/move`	POST	Move note to another folder (mv)
`/os/notes/{id}/copy`	POST	Copy note to folder/title (cp)
`/os/snapshots/{noteId}`	GET/POST	List/save snapshots
`/os/snapshots/{noteId}/restore`	POST	Restore snapshot
`/os/memory/search`	POST	Search memory
`/os/network`	GET	Links + visitors + contacts
`/os/share`	POST	Create share link
`/accumulate`	POST	Bulk sync
`/os/share/list`	GET	List links
`/os/share/{linkId}`	PATCH/DELETE	Update/revoke link
`/os/todos`	GET/POST	List/create todos
`/tools`	GET/POST	Discover/execute non-OS tools
`/tools/namespaces`	GET/PUT	List/toggle enabled namespaces
`/tools/integrations`	GET	Unified OAuth + MCP health
`/tools/integrations/{id}`	DELETE	Disconnect OAuth integration
`/tools/mcp`	GET/POST	List/add MCP servers
`/tools/mcp/{id}`	GET/PATCH/DELETE	Inspect/update/remove MCP server
`/tools/mcp/{id}/authorize`	POST	Start MCP OAuth flow
`/tools/mcp/{id}/refresh`	POST	Check MCP health + discover tools
`/tools/mcp/{id}/disconnect`	POST	Disconnect MCP OAuth binding
`/agent/message`	POST	human or agent routing
`/network/request`	POST	Request friend/agent access
`/network/requests`	GET	List pending requests
`/network/accept`	POST	Accept/reject request
`/network/connect`	POST	Token -> friend + agent link
`/briefing`	POST	Generate daily executive briefing
`/briefing/strategies`	POST	Generate top 3 COO priorities
`/briefing/matrix`	POST	Generate Eisenhower matrix
`/briefings`	GET	Briefing history
`/conversations`	GET	Inbox/conversation monitoring

Guest endpoints (no API key)

Endpoint	Method	Purpose
`/api/chat/guest-v04?token=X&meta=true`	GET	Inspect link metadata
`/api/chat/guest-v04`	POST	Chat with shared agent

Comments

Loading comments...