← Back to Skills Marketplace
532
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install grago
Description
Delegate web and API data fetching to local LLMs for research tasks, saving tokens and keeping data private while using your local machine for analysis.
README (SKILL.md)
Grago
Delegate research and data-fetch tasks to a free local LLM. Save tokens. Use your machine.
Grago bridges the gap between your OpenClaw agent and local LLMs (Ollama, llama.cpp, etc.) that can't use tools natively. It runs shell scripts to fetch live data from the web, APIs, and local files — then pipes the results into your local model with a focused prompt.
Your cloud model stays sharp. Your local machine does the grunt work. Your token bill drops.
⚠️ Security Model
Grago executes shell commands. This is intentional — it's the only way to give tool-less local LLMs access to external data.
Safe for: Trusted, single-user environments (your own Mac Mini, VPS, workstation)
NOT safe for: Multi-tenant systems, public APIs, untrusted agents
If your OpenClaw agent is compromised via prompt injection, Grago can execute arbitrary commands. This is the trade-off for free local compute. Read SECURITY.md in the repo for full details.
When to Use This Skill
Use Grago when:
- You need live data fetched (web pages, APIs, RSS feeds, logs)
- The task is research-heavy and doesn't need your primary model
- You want to keep data on your own machine (privacy)
- You want to save tokens by offloading analysis to a local LLM
How It Works
- Fetch — Shell scripts pull live data (curl, jq, grep, etc.)
- Analyze — Results are piped to your local Ollama model with a prompt
- Return — Structured analysis comes back to your OpenClaw agent
Usage
# Fetch a URL and analyze locally
grago fetch "https://example.com" \
--analyze "Summarize the key points" \
--model gemma2
# Multi-source research from a YAML config
grago research \
--sources sources.yaml \
--prompt "What are the main themes across these sources?"
# Pipe any shell command into your local model
grago pipe \
--fetch "curl -s https://api.example.com/data" \
--transform "jq .results" \
--analyze "Identify trends and flag outliers"
Configuration
Config file: ~/.grago/config.yaml
default_model: gemma2 # Your preferred Ollama model
timeout: 30 # Seconds per fetch
max_input_chars: 16000 # Input truncation limit
output_format: markdown # markdown | json | text
Requirements
- Ollama installed and running locally (install.sh handles this)
- At least one model pulled in Ollama (gemma2, mistral, llama3, etc.)
- bash, curl, jq
Installation
git clone https://github.com/solsuk/grago.git
cd grago && ./install.sh
Notes for the Agent
- Prefer
pipemode overfetch --analyzefor reliability (avoids Ollama TTY spinner issues) - Default model is whatever is set in
~/.grago/config.yaml; override per-call with--model - Input is truncated to
max_input_charsbefore being sent to the local model - Local model responses can be slow (5–30s depending on hardware and model size) — this is expected
- Grago is for research and fetch delegation — not for tasks requiring your primary model's reasoning
Usage Guidance
Grago is coherent with its stated goal but deliberately runs arbitrary shell commands and can read local files — this makes it dangerous on shared or untrusted machines. Only install and run Grago on devices you fully control (personal Mac/VPS/workstation). Before installing: review install.sh (it may run ollama's remote install script), inspect grago.sh for eval usage, and ensure no sensitive files or credentials are reachable from sources.yaml or from commands you allow the agent to run. Do not use on multi-tenant systems, public-facing agents, or machines containing secrets you can't afford to expose. If you need narrower, safer behavior, prefer a tool that uses explicit, whitelisted HTTP calls rather than eval-ing shell commands.
Capability Analysis
Type: OpenClaw Skill
Name: grago
Version: 1.0.1
The skill is classified as suspicious due to its intentional design allowing arbitrary shell command execution and file system access. The `grago.sh` script extensively uses `eval` on user-provided or configuration-derived strings (e.g., `--transform`, `--fetch` arguments, `sources.yaml` `transform` fields) and allows reading/writing arbitrary local files (`cmd_research`). While the `SKILL.md`, `README.md`, and `SECURITY.md` files explicitly document these as intentional features necessary for the skill's functionality and warn about the severe security implications (e.g., RCE via prompt injection if the agent is compromised), these capabilities represent significant vulnerabilities that could be leveraged for malicious purposes by a compromised agent. The `install.sh` script also downloads and executes a remote script from `ollama.ai`, which is a supply chain risk, though common for software installation.
Capability Assessment
Purpose & Capability
The name/description (delegate web/API fetches to local LLMs) match the code and instructions: the scripts fetch URLs, read files, transform data, and send results to a local Ollama model. The installer pulls Ollama and a model as described. Requested capabilities are proportional to the declared purpose.
Instruction Scope
SKILL.md and grago.sh allow execution of arbitrary shell commands (cmd_pipe uses eval on fetch/transform commands; cmd_fetch and cmd_research run transforms via eval). The research flow can read arbitrary file paths from sources.yaml (cat $path). These behaviors are explicitly documented in SECURITY.md, but they mean the skill can access files and run commands beyond narrow fetch tasks — so it must only be used in trusted, single-user environments.
Install Mechanism
There is no packaged install spec in the registry, but install.sh runs an installer: on macOS it uses brew to install Ollama; on other OSes it runs curl -fsSL https://ollama.ai/install.sh | sh. Pulling models via ollama pull is expected. Using an official vendor URL (ollama.ai) is reasonable, but piping a remote install script to sh is higher-risk than packaged installs and should be inspected before running.
Credentials
The skill declares no required env vars or credentials, and the code does not require external secrets. However, sources.yaml examples in README show header values like Authorization: "Bearer ${API_KEY}", implying users may expose env-based secrets via sources config; the skill does not declare or manage those. The script reads arbitrary file paths and could expose local secrets if sources.yaml is used unsafely. This is consistent with the tool's purpose but worth caution.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. Installer writes to typical per-user locations (~/.grago, ~/.local/bin or /usr/local/bin) and copies SKILL.md into OpenClaw workspace if present. It does not modify other skills or global agent settings beyond installing its files.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install grago - After installation, invoke the skill by name or use
/grago - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Added security documentation explaining intentional command execution design
v1.0.0
Initial release: Local LLM bridge for OpenClaw
Metadata
Frequently Asked Questions
What is Grago?
Delegate web and API data fetching to local LLMs for research tasks, saving tokens and keeping data private while using your local machine for analysis. It is an AI Agent Skill for Claude Code / OpenClaw, with 532 downloads so far.
How do I install Grago?
Run "/install grago" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Grago free?
Yes, Grago is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Grago support?
Grago is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Grago?
It is built and maintained by solsuk (@solsuk); the current version is v1.0.1.
More Skills