Pubblue
by Michael Nome · GitHub · v5.1.2
611 Downloads · 0 Stars · 0 Active Installs · 13 Versions
Install in OpenClaw: /install pubblue
Description
Publish and visualize output via the pubblue CLI, with live P2P browser sessions.
Usage Guidance
This skill appears to do what it says (publishing and live P2P visualization), but exercise caution before installing and running the external pubblue CLI:
1) There is no source or homepage included in the skill bundle — verify the npm package and its source repository (pub.blue / npm) before installing.
2) Installing via npm or using npx will execute third-party code; prefer inspecting the package source first or installing in a disposable/sandbox environment.
3) The CLI stores an API key in a config file under ~/.openclaw/pubblue by default and can access the agent workspace (OPENCLAW_WORKSPACE); to reduce risk, set PUBBLUE_CONFIG_DIR to a sandboxed directory and avoid placing secrets in shared workspaces.
4) Live mode establishes P2P/browser sessions — only use with trusted peers and in environments where outbound/inbound connections are acceptable.
If you need higher assurance, ask the skill author for the CLI source repo or a signed release and audit the package before granting it any credentials or access.
Capability Analysis
Type: OpenClaw Skill
Name: pubblue
Version: 5.1.2
The skill facilitates publishing agent output and establishing live P2P sessions via the pubblue CLI. It involves high-risk operations, including global npm package installation (pubblue@latest) and the execution of a background daemon (pubblue start) for P2P communication. These capabilities are aligned with the stated purpose of real-time visualization, but the requirement for persistent network connections and broad shell permissions (Bash, Read, Write) constitutes a significant attack surface. There is no clear evidence of malicious intent.
Capability Assessment
Purpose & Capability
Name/description (publish & live P2P visualization) match the runtime instructions: SKILL.md only describes using the pubblue CLI to create/list/update/delete pubs and run a daemon for live browser-initiated P2P sessions. Nothing in the instructions asks for unrelated credentials or capabilities. However, the skill provides no source/homepage and relies on an external npm package (pubblue) that is not included in the bundle — the provenance of that CLI is unknown.
Instruction Scope
The instructions tell the agent to install/run the pubblue CLI and to store an API key (via pubblue configure) in a config file under ~/.openclaw/pubblue/config.json (or a directory overridden by PUBBLUE_CONFIG_DIR). The daemon bridges into OPENCLAW_WORKSPACE by default, and live sessions establish P2P/browser connections. These behaviors are consistent with the feature set, but they also give the externally installed CLI potential access to agent workspace files and to networked peers. The SKILL.md also demonstrates reading local files (notes.md, /tmp/view.html) and describes consumptive reads — all reasonable for publishing but worth noting as data exposure vectors.
Install Mechanism
This is an instruction-only skill (no install spec). SKILL.md recommends installing pubblue via npm (npm i -g pubblue@latest) or using npx. That means code will be pulled from the public npm registry at runtime; the skill package itself doesn't contain or vet that code. Using npx can execute remote packages transiently, increasing the risk if the npm package is malicious or compromised.
Credentials
The manifest declares no required env vars or credentials, which is proportional. The runtime docs reference PUBBLUE_CONFIG_DIR and OPENCLAW_WORKSPACE env vars as overrides and instruct storing an API key in a config file. Requiring an API key for the pub.blue service is expected, but persisting that key under the agent workspace (default ~/.openclaw/...) or allowing the CLI to access workspace files increases the blast radius for accidental secret exposure.
Persistence & Privilege
The skill does not request always:true and does not declare system-wide installs itself. Autonomous invocation is allowed (platform default). The skill will persist an API key in its own config file by design, which is normal for a CLI client, but note the default config path is inside the agent's home (~/.openclaw), which could allow access to other agent artifacts if the CLI is compromised.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install pubblue
- After installation, invoke the skill by name or use /pubblue
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v5.1.2
Auto-publish from commit ee5f248ff4d308eea7f1e1dc136b27bde54a2228
v5.1.1
Auto-publish from commit 0523641e980cdeba842f8ba6f39f99e0c41af65d
v5.0.0
Auto-publish from commit af1ce1a755d1d30dfd46bdc90e8b652854405379
v3.4.11
Auto-publish from commit ec237efefd9694ab4e9d08b12ece36d4a4959f7c
v3.4.10
Auto-publish from commit 84e5a20a2dc76708443a4752ca3097ccb32727d5
v3.4.7
Auto-publish from commit 47106272487cfdf0f61e1d86bec700ed8c9a440e
v3.4.5
Auto-publish from commit 7ac91d45e11f1fd1ede925a95d212af5fb414fda
v3.4.4
Auto-publish from commit d0101c9711df6b79fbc695c53b58ac5527fbaff4
v3.4.2
Auto-publish from commit 4bab451100c1e2489271bc05b998ec49d56959f9
v3.2.0
Auto-publish from commit 59a843010e5d26608ab59397eb0e3609e16ac0bc
v3.1.0
Auto-publish from commit 36b36fdafb355baa8f4bfb1c002bb545d5bea6b7
v3.0.0
Auto-publish from commit 51c87b4294665232633933d3f964107fbafde334
v2.0.0
Auto-publish from commit 3fed0b6a5e1e744a3e804eaf18cb94750fb3bf9c
Frequently Asked Questions
What is Pubblue?
Publish and visualize output via the pubblue CLI, with live P2P browser sessions. It is an AI Agent Skill for Claude Code / OpenClaw, with 611 downloads so far.
How do I install Pubblue?
Run "/install pubblue" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pubblue free?
Yes, Pubblue is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Pubblue support?
Pubblue is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Pubblue?
It is built and maintained by Michael Nome (@xmanatee); the current version is v5.1.2.