
Permissions Broker

by stephancill · GitHub ↗ · v1.0.9
cross-platform ✓ Security Clean
1306 Downloads · 0 Stars · 0 Active Installs · 10 Versions
Install in OpenClaw
/install permissions-broker
Description
Interact with the Permissions Broker service to fetch data from Google APIs behind a Telegram approval gate. Use when an agent needs to read Google Drive/Doc...
Usage Guidance
This skill appears to do what it says: it helps the agent create brokered upstream API requests that the user approves in Telegram. Before installing or storing any broker key:
  1. Verify you trust the broker service hostname (the docs refer to https://permissions-broker.steer.fun) and the Telegram bot that issues keys.
  2. Prefer session-only keys if you do not want persistent agent access; only store PB_API_KEY in the agent's secret store after explicit consent.
  3. Be aware the agent is told to 'parse/persist what you need' on first fetch—decide and communicate whether fetched data may be retained.
  4. If you don't trust the broker, do not provide its API key and instead supply local credentials directly or decline the skill.
If you want a stronger assessment, provide the broker's real homepage, code, or the Telegram bot identity so I can check the service origin and ownership.
Capability Analysis
Type: OpenClaw Skill
Name: permissions-broker
Version: 1.0.9
The skill bundle describes a 'Permissions Broker' designed to mediate external data access and third-party actions, requiring explicit user approval via Telegram for every request. Instructions emphasize secure handling of API keys (no logging, no committing, user consent for persistence), transparency to the user (via `consent_hint`), and reliance on the broker for enforcing host/method allowlists and handling sensitive OAuth tokens. While the skill enables high-risk capabilities like external API calls and Git operations, these are explicitly stated, gated by user approval, and implemented with robust security controls, indicating no malicious intent or attempts to bypass security mechanisms.
Capability Assessment
Purpose & Capability
The SKILL.md describes a broker/proxy that creates upstream requests and obtains user approval via Telegram—everything the skill asks the agent to do (create proxy request, poll for approval, call execute) matches that purpose. It does not request unrelated credentials or system access.
Instruction Scope
Instructions are explicit about building POST /v1/proxy/request bodies, polling for approval, and calling execute. They warn not to paste API keys into logs. A potentially ambiguous instruction is 'parse/persist what you need on the first successful execution' — that could be interpreted to persist sensitive upstream data without explicit re-consent. Also the SKILL.md tells the agent to ask the user to paste the PB_API_KEY from Telegram and optionally store it; this is within scope but requires explicit user consent in practice.
Install Mechanism
Instruction-only skill with no install steps, no code files, and no binaries requested. This is low-risk from an install/execution perspective.
Credentials
No required env vars are declared, but the skill instructs storing a broker API key (PB_API_KEY) in the agent's secrets store if the user consents. That is proportional to the purpose. There are no requests for unrelated secrets or host-level config.
Persistence & Privilege
always:false (normal). The skill permits storing a PB_API_KEY for reuse if the user agrees; combined with autonomous invocation this would allow the agent to create broker requests without re-prompting the user (approval still happens in Telegram). This behavior is expected for this kind of broker but is a privacy/abuse consideration the user should understand.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install permissions-broker
  3. After installation, invoke the skill by name or use /permissions-broker
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.9
- Added Spotify as a supported provider for Permissions Broker.
- No other changes detected.
v1.0.8
permissions-broker 1.0.8
- Improved documentation: Consent hints are now required when creating a request; the reason for the request must always be supplied in plain language.
- Clarified that consent_hint should specify “what you’re doing and why,” and is shown to the user in Telegram.
- No code or functional changes; documentation only.
v1.0.7
**iCloud CALDAV support added.**
- Added support for iCloud CALDAV as a provider.
- Updated documentation to include iCloud setup steps and `/connect icloud` workflow.
- Clarified provider connection instructions (user links via `/connect` in Telegram).
- Expanded list of supported providers to: Google, GitHub, and iCloud CALDAV.
- Added references/caldav.md file.
v1.0.6
**Summary:** Adds user consent requirements for API key storage and updates supported providers.
- Now requires explicit user consent to store and reuse the PB_API_KEY across sessions; if not given, treat the key as session-only.
- Updated setup instructions to clarify when and how to persist API keys.
- Provider list updated: Google APIs now explicitly includes Sheets support.
- Description updated to reflect changes in API key handling and provider support.
- No code or functional changes; documentation only.
v1.0.5
permissions-broker 1.0.5
- Added a new "Setup" section detailing how to create, store, and manage the Permissions Broker API key for agent use.
- Provided clear instructions for users to obtain and securely manage API keys, emphasizing security best practices.
- No changes to core broker workflows or code samples.
- Existing guidance and API usage instructions remain unchanged.
v1.0.4
permissions-broker 1.0.4
- Added support for GitHub API (REST) in addition to Google APIs (Drive/Docs).
- Now supports all HTTP methods (GET, POST, PUT, PATCH, DELETE), not just GET.
- Expanded request body handling: supports JSON, text, and base64-encoded binary bodies.
- Clarified workflow: broker is the default path for all provider access unless explicit local credentials are provided and allowed.
- Improved guidance for agent response style and polling behavior.
v1.0.3
- Updated workflow to use explicit "execute" step after approval: after polling for approval via status endpoint, requests are now executed once using a dedicated POST execute endpoint.
- Clarified separation of status polling and execution: status is polled until APPROVED, then execution occurs in a single-use fashion to proxy upstream response bytes.
- Revised code samples for both JavaScript and Python to reflect new poll-then-execute pattern and updated endpoints.
- Improved documentation on request lifecycle and strengthened instructions about single-use execution and the need to use the original API key for both polling and execution.
- Enhanced response style and polling guidelines to match the updated broker logic.
v1.0.2
permissions-broker 1.0.2
- Added a new section detailing expected polling behavior: always poll for at least 30 seconds for user approval before returning control/instructions.
- Clarified agent control flow: if approval is still pending after the polling window, return the request ID and clear Telegram instructions to the user.
- Updated example code and comments to reflect new polling recommendations (default to 30s).
- No code or functional changes; documentation improvements only.
v1.0.1
permissions-broker 1.0.1
- Example broker base URL updated in sample code (`https://permissions-broker.steer.fun`).
- No functional or behavioral changes; documentation improvements only.
v1.0.0
permissions-broker 1.0.0
- Initial release of the Permissions Broker skill.
- Enables agents to proxy requests to OAuth providers after user approval in Telegram.
- Enforces host allowlist, one-time retrieval, and GET-only constraints.
- Includes example code for JavaScript/TypeScript and Python integration.
- Outlines best practices for user interaction and instructions for forming correct upstream URLs.
Metadata
Slug permissions-broker
Version 1.0.9
License
All-time Installs 0
Active Installs 0
Total Versions 10
Frequently Asked Questions

What is Permissions Broker?

Interact with the Permissions Broker service to fetch data from Google APIs behind a Telegram approval gate. Use when an agent needs to read Google Drive/Doc... It is an AI Agent Skill for Claude Code / OpenClaw, with 1306 downloads so far.

How do I install Permissions Broker?

Run "/install permissions-broker" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Permissions Broker free?

Yes, Permissions Broker is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Permissions Broker support?

Permissions Broker is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Permissions Broker?

It is built and maintained by stephancill (@stephancill); the current version is v1.0.9.
