← Back to Skills Marketplace
OpenClaw Use Case Catalog
by
Chunhua Liao
· GitHub ↗
· v1.0.0
683
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-usecase-catalog
Description
Comprehensive catalog of what people are doing with OpenClaw. Covers 15+ categories with real examples, sources, and inspiration. Use when asked about OpenCl...
Usage Guidance
This is primarily a curated reference and is coherent with its stated purpose, but it contains and recommends operational examples that need credentials (git push, SSH, reading 2FA/messages, periodic heartbeats). Before installing or enabling this skill: 1) Do not grant it automatic write/push rights to your main GitHub account—use a dedicated repo and bot account if you want auto-push. 2) Review any findings files before committing to avoid accidental leakage of secrets or sensitive notes. 3) If you plan to implement examples (SSH, SMS monitoring, calendar access), provision dedicated, least-privilege credentials and service accounts; never reuse personal SSH keys or account tokens. 4) Consider removing or editing the git push/remote instructions in SKILL.md if you don't want the agent to push to a remote automatically. 5) If you lack operational controls, treat this as read-only documentation rather than an automation to run autonomously. If you want, I can suggest safe edits to SKILL.md that remove or clarify the push/credential steps.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-usecase-catalog
Version: 1.0.0
The skill instructs the OpenClaw agent to perform web searches, write to the local file system (`findings/YYYY-MM-DD.md`), and execute `git add`, `git commit`, and `git push` commands to a remote GitHub repository (SKILL.md). This grants the agent powerful capabilities, including arbitrary shell command execution and network access, which are high-risk. The agent is also instructed to process untrusted content from web searches, creating a significant prompt injection vulnerability that could lead to unauthorized command execution (RCE) or data exfiltration via the `git push` mechanism. The `findings/` files further illustrate the agent's expected capabilities, including SSH access, browser automation with AppleScript, and interaction with sensitive systems, highlighting the broad attack surface and potential for abuse, even if the current intent is benign.
Capability Assessment
Purpose & Capability
Name/description match the contents: this is a catalog of OpenClaw use cases. However, the SKILL.md instructs saving findings and running git commit && git push to a repo path ({github_org}/openclaw-skill-usecases). The skill declares no required credentials or env vars (e.g., no GIT or GitHub token). Asking the agent to perform pushes/SSH in examples without declaring or justifying credentials is a proportionality mismatch (likely because it's an instruction-only catalog, but it's still an inconsistency).
Instruction Scope
SKILL.md tells the agent to search the web, append bilingual entries to findings/YYYY-MM-DD.md, and commit/push. The bundled 'findings/' files include example snippets that show SSH commands, exec() usage, heartbeats, periodic scanning of SMS/messages and squeue via SSH. Those examples indicate workflows that access system resources and secrets (SSH keys, SMS 2FA). While the skill itself doesn't directly instruct the agent to read host secrets, the presence of operational examples that run commands and push changes broadens the scope and could cause accidental exposure if the agent is allowed to write files or push to GitHub.
Install Mechanism
No install spec and no code files to execute—this is instruction-only. That reduces direct install-time risk (nothing downloaded or extracted).
Credentials
Declared requirements: none. But the documented workflows and examples expect access to credentials/keys (GitHub pushes, SSH access to clusters, reading 2FA from messages, inbox scanning). Requiring no env vars while encouraging git pushes/SSH is disproportionate and ambiguous: if you enable agent actions, you'll need to decide which secrets to provide. There's risk of accidentally committing sensitive info into the findings files and then pushing to a remote repo.
Persistence & Privilege
Flags: always:false, user-invocable:true, model invocation allowed (default). The skill does not request persistent/automatic inclusion (no always:true). It contains suggestions for heartbeats/cron jobs in examples, but those are examples rather than settings in the manifest. No manifest-level privilege escalation observed.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-usecase-catalog - After installation, invoke the skill by name or use
/openclaw-usecase-catalog - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Comprehensive catalog of OpenClaw use cases
Metadata
Frequently Asked Questions
What is OpenClaw Use Case Catalog?
Comprehensive catalog of what people are doing with OpenClaw. Covers 15+ categories with real examples, sources, and inspiration. Use when asked about OpenCl... It is an AI Agent Skill for Claude Code / OpenClaw, with 683 downloads so far.
How do I install OpenClaw Use Case Catalog?
Run "/install openclaw-usecase-catalog" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenClaw Use Case Catalog free?
Yes, OpenClaw Use Case Catalog is completely free (open-source). You can download, install and use it at no cost.
Which platforms does OpenClaw Use Case Catalog support?
OpenClaw Use Case Catalog is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OpenClaw Use Case Catalog?
It is built and maintained by Chunhua Liao (@chunhualiao); the current version is v1.0.0.
More Skills