← Back to Skills Marketplace
Openclaw Interaction Bridge
by
snarflakes
· GitHub ↗
· v1.6.3
· MIT-0
149
Downloads
0
Stars
0
Active Installs
9
Versions
Install in OpenClaw
/install openclaw-interaction-bridge
Description
Bridge OpenClaw agent interactions to any external program! The Snarling demo, for example, shows what the agent is doing and lets you approve or reject acti...
Usage Guidance
This plugin is internally coherent with its stated purpose, but review and take these precautions before installing:
- Source and provenance: the registry entry's Source/Homepage fields are empty; prefer installing from an official/trusted repository (or audit the included code) rather than an unknown origin.
- Set OPENCLAW_APPROVAL_SECRET explicitly (strong secret) instead of relying on the generated UUID; verify Snarling will send that secret in callback JSON bodies.
- Audit the gateway HTTP callback handlers (approval/notification callbacks and any stats endpoints) to ensure they require the approval secret and do not accept unauthenticated requests. If the code exposes stats endpoints without auth, that could leak usage information.
- Confirm the WebSocket 'wake' behavior is acceptable: the external device can trigger agent resumes. If you need stricter controls, restrict which hosts can talk to the gateway or firewall the gateway ports so only the trusted companion device can reach them.
- Note the docs say the tool blocks but the implementation returns immediately and uses TaskFlow/webhook resume; test the behavior with your workflows so you understand timing and UX.
- If you plan to target a different host/port, prefer configuring through a vetted config mechanism; the plugin currently requires editing source constants (SNARLING_URL / CALLBACK_BASE_URL), which is fine but error-prone.
If you want higher assurance, provide the full callback-handler code (the truncated portions) so it can be checked that incoming webhooks are validated and that there are no unexpected outbound network calls beyond localhost.
Capability Tags
Capability Assessment
Purpose & Capability
The name/description (bridge agent state, approvals, notifications to a companion display) match the code and SKILL.md. The only declared env var (OPENCLAW_APPROVAL_SECRET) is appropriate for authenticating callbacks to the gateway. The plugin only talks to localhost endpoints (port 5000 for Snarling, port 18789 for gateway callbacks), which is consistent with a local companion device architecture.
Instruction Scope
The SKILL.md and README describe the plugin sending state and POSTing approval/notification payloads to a local Snarling service and exposing callback endpoints on the gateway — that is exactly what the code does. Two inconsistencies worth noting: (1) the docs sometimes say the approval tool 'blocks until a response comes back', but approval_tool.ts explicitly returns immediately and relies on a TaskFlow + webhook/resume model (the code comments explain blocking/polling causes context corruption). (2) The docs describe a WebSocket RPC wake that 'bypasses the gateway's requests-in-flight check' — this is a described behavior that increases the plugin's scope (it allows the external device to wake an agent session). Both are plausible design choices for this plugin but are behavior you should be aware of and audit if you need strict control over when sessions may be resumed.
Install Mechanism
There is no packaged install spec in the registry entry; the project expects the usual local extension workflow (clone repo, npm install, restart gateway). No off-host downloads or obscure URLs are used in the supplied files. package.json lists only a small dependency (@sinclair/typebox) and a peerDependency on OpenClaw; this is proportionate for a plugin of this type.
Credentials
Only OPENCLAW_APPROVAL_SECRET is declared and used. That secret is used to authenticate callback requests from the display service and is proportionate to the plugin's needs. The code will generate a random UUID if the env var isn't set — which is convenient but means callbacks will only work if the display knows that ephemeral secret; for production you should set a stable secret in env.
Persistence & Privilege
The plugin does not request 'always: true' and is user-invocable only. It registers hooks and (presumably) HTTP callback routes on the gateway process (CALLBACK_BASE_URL points at localhost:18789). Registering callback endpoints and allowing an external device to wake sessions is expected for this integration, but it does increase the attack surface: you should verify the callback handlers validate the approval secret and that the gateway's local HTTP endpoints are not exposed to untrusted networks. The described WebSocket wake that bypasses requests-in-flight checks is a functional feature but should be reviewed for safety in your deployment.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-interaction-bridge - After installation, invoke the skill by name or use
/openclaw-interaction-bridge - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.6.3
Broader description: bridges to any external program (Snarling as demo). Added README to skills dir, synced SKILL.md content across both copies.
v1.6.2
Fixed metadata: type=code-plugin, declared OPENCLAW_APPROVAL_SECRET env var. Clean bundle without node_modules.
v1.6.1
Security fix: removed sessionKey from approval callback query params, added envVars to plugin manifest
v1.5.0
UUID secret auth for callbacks, sessionKey/secret in body (not query params), approval tracker, no middleman architecture, manifest env var declaration
v1.4.0
Security: callback auth token (OPENCLAW_APPROVAL_SECRET env var), no hardcoded sessionKey defaults, configurable CALLBACK_BASE_URL, removed curl dependency requirement
v1.3.0
Removed unnecessary curl dependency from SKILL.md, removed package-lock.json (not needed for plugin with one peer dep)
v1.2.0
Moved skill into proper skills/ directory, added skills field to plugin manifest for proper skill discovery
v1.1.0
Cleaned dependencies: minimal package-lock.json, excluded node_modules from publish
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Openclaw Interaction Bridge?
Bridge OpenClaw agent interactions to any external program! The Snarling demo, for example, shows what the agent is doing and lets you approve or reject acti... It is an AI Agent Skill for Claude Code / OpenClaw, with 149 downloads so far.
How do I install Openclaw Interaction Bridge?
Run "/install openclaw-interaction-bridge" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Openclaw Interaction Bridge free?
Yes, Openclaw Interaction Bridge is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Openclaw Interaction Bridge support?
Openclaw Interaction Bridge is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Openclaw Interaction Bridge?
It is built and maintained by snarflakes (@snarflakes); the current version is v1.6.3.
More Skills