← Back to Skills Marketplace
1820
Downloads
0
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install share-usecase
Description
Share your OpenClaw use case to clawusecase.com. Analyzes your recent work and creates a submission for the community.
Usage Guidance
This skill appears to implement the advertised feature (draft + submit use cases) but you should be cautious before installing:
- Expect the assistant to read recent conversation history to draft the submission — that may disclose private messages you don't want published.
- The OAuth flow uses a Convex endpoint (config.convexUrl). Verify you trust that host (benevolent-tortoise-657.convex.cloud) because it is queried with the OAuth token and returns the credential JSON.
- get-credential.js prints the full credential JSON to stdout and poll-credential.sh echoes it. That JSON could include access tokens or other sensitive fields even if the README promises only public profile data. Ask the publisher to confirm or change the code to only return and expose public profile fields (username/display name) and to redact access/refresh tokens.
- Consider requiring explicit user consent before submitting content publicly and avoid automatically including full credential blobs in submissions or logs.
Recommended actions before enabling:
1) Inspect or run the code in a sandbox to confirm what fields the Convex backend returns (does it include access tokens?).
2) Replace or modify get-credential.js/poll-credential.sh so they only surface the minimal profile fields (username/platform) and do not print/store tokens.
3) Verify the identity/trustworthiness of the convex host or change to a backend under clawusecase.com if you control that service.
4) Ensure the assistant requests explicit user approval prior to sending any content to the public site and that anonymous submission is easy to choose.
If you cannot confirm the above, treat the skill as potentially leaking sensitive OAuth data and avoid installing it in environments with sensitive conversations or credentials.
Capability Analysis
Type: OpenClaw Skill
Name: share-usecase
Version: 1.0.1
The skill is designed to share OpenClaw use cases, involving analysis of recent conversation history, OAuth for attribution, and submission to clawusecase.com. The primary concern lies in the `SKILL.md` file, which contains highly imperative instructions for the AI agent to execute shell commands (`node get-credential.js`) and actively monitor/parse their output in real-time. While the current scripts are benign and the parsing logic is specific to extracting OAuth credentials (username, platform), these strong prompt injection instructions for immediate command output processing represent a risky capability that could be exploited if the underlying scripts were compromised or designed to output arbitrary harmful instructions, even though no clear malicious intent is present in the current bundle.
Capability Assessment
Purpose & Capability
Name, description, and included scripts align with submitting a use case to clawusecase.com. The presence of submit.js and normalize-tools.js is appropriate. However, config.json points to an external Convex host (benevolent-tortoise-657.convex.cloud) for OAuth token retrieval rather than a service under clawusecase.com; this is plausible but worth verifying (it means credentials are stored/queried from that third-party backend).
Instruction Scope
SKILL.md explicitly instructs the agent to scan recent conversation history (last 50–100 messages / past few hours) to build the draft — this is within the stated purpose but is broad and may surface private content. It also mandates synchronous, foreground polling and immediate messaging on OAuth completion, which is an implementation constraint that increases I/O frequency and visibility of credential material.
Install Mechanism
No install spec (instruction-only deployment) and the code files are small, plain Node/Bash scripts. There are no downloads from untrusted URLs or install steps that write arbitrary binaries to disk.
Credentials
The README/Privacy section claims OAuth only accesses public profile, but get-credential.js prints the entire credential JSON returned by the Convex backend and poll-credential.sh echoes it to stdout. That output may include tokens or other sensitive fields beyond username/display name. The skill does not request or declare environment secrets but it does accept env overrides (CONVEX_URL, CLAWUSECASE_API_URL). Printing/storing full credentials is disproportionate to the stated need (only public profile is required).
Persistence & Privilege
Skill is not always-enabled, doesn't request elevated system privileges, and doesn't modify other skills' configs. Autonomous invocation is allowed (platform default) but not combined with always:true.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install share-usecase - After installation, invoke the skill by name or use
/share-usecase - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
share-usecase 1.0.1
- Clarified and strengthened polling requirements for OAuth attribution: Now explicitly requires synchronous, real-time monitoring and immediate notification to users upon successful connection.
- Provided detailed implementation guidance to prevent background polling; emphasized that polling results must be checked directly and responded to instantly.
- Added more precise bash code samples for credential polling and real-time user feedback.
- Highlighted critical implementation notes to eliminate delays in user notifications for OAuth connections.
v1.0.0
share_usecase 2.0.0 introduces a fully guided assistant to help users share their OpenClaw use cases on clawusecase.com with new attribution and review features.
- Analyzes recent user activity to draft a structured use case submission.
- Provides users with a preview and allows editing before submission.
- Supports both anonymous and credited submissions; OAuth integration for attribution with real-time connection detection and feedback.
- Normalizes technology/tool names for consistency.
- Handles API responses, validation, rate limits, and error feedback robustly.
- Improves user experience with clear instructions and tips for quality use case submissions.
Metadata
Frequently Asked Questions
What is Share use case?
Share your OpenClaw use case to clawusecase.com. Analyzes your recent work and creates a submission for the community. It is an AI Agent Skill for Claude Code / OpenClaw, with 1820 downloads so far.
How do I install Share use case?
Run "/install share-usecase" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Share use case free?
Yes, Share use case is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Share use case support?
Share use case is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Share use case?
It is built and maintained by josephl37 (@josephl37); the current version is v1.0.1.
More Skills