
ACT Runtime

by ACT Core · GitHub ↗ · v0.1.0 · MIT-0
cross-platform · ⚠ suspicious
Downloads: 98 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install act-cli
Description
Run ACT WebAssembly component tools via `act call`. Use when the user asks to use an ACT component, run a .wasm tool, or needs sandboxed tools (SQLite, HTTP,...
README (SKILL.md)

ACT Tools

Run self-contained WebAssembly component tools via the act CLI. No system dependencies, no Docker, no language runtimes — just .wasm binaries in a sandbox.

Prerequisites

Check if act is available:

act --help

If not installed:

npm i -g @actcore/act

Step 1: Discover tools

act info --tools --format json <component>

<component> is one of:

  • OCI registry ref: ghcr.io/actpkg/sqlite:0.1.0
  • HTTP URL: https://example.com/component.wasm
  • Local file: ./component.wasm

The output contains:

  • metadata_schema — required configuration keys (pass via --metadata)
  • tools — list of tool names, descriptions, and parameters_schema

Use --format text for a human-readable summary instead of JSON.

Step 2: Call a tool

act call <component> <tool-name> --args '<json>' [options]

Option                   Purpose
--args '<json>'          Tool parameters (matches parameters_schema)
--metadata '<json>'      Component config (matches metadata_schema)
--allow-dir guest:host   Grant directory access to the sandbox
--allow-fs               Grant full filesystem access

Output is JSON on stdout. Logs go to stderr.

Remote components are cached locally after first download.

Example: SQLite

# Create a table
act call ghcr.io/actpkg/sqlite:0.1.0 execute-batch \
  --args '{"sql":"CREATE TABLE notes (id INTEGER PRIMARY KEY, text TEXT, created_at TEXT DEFAULT CURRENT_TIMESTAMP)"}' \
  --metadata '{"database_path":"/data/notes.db"}' \
  --allow-dir /data:/tmp/act-data

# Insert
act call ghcr.io/actpkg/sqlite:0.1.0 execute \
  --args '{"sql":"INSERT INTO notes (text) VALUES (?1)","params":["Hello from ACT"]}' \
  --metadata '{"database_path":"/data/notes.db"}' \
  --allow-dir /data:/tmp/act-data

# Query
act call ghcr.io/actpkg/sqlite:0.1.0 query \
  --args '{"sql":"SELECT * FROM notes"}' \
  --metadata '{"database_path":"/data/notes.db"}' \
  --allow-dir /data:/tmp/act-data

Important

  • Always run act info --tools first to discover tool names and schemas
  • Pass --metadata on every call (stateless — no session)
  • Use --allow-dir guest:host only when the component needs filesystem access
  • Components run sandboxed in WebAssembly — no host access unless explicitly granted
Usage Guidance
This skill appears coherent for running ACT WebAssembly components. Before installing or using it: (1) Only install the act CLI from an official source (verify the npm package and publisher). (2) When calling remote or third-party components (ghcr.io, HTTP, or unknown .wasm files), inspect their metadata/schemas and avoid granting --allow-fs or broad --allow-dir unless you trust the component. (3) Remember remote components are cached locally — remove cached artifacts if you no longer trust them. (4) Treat running untrusted .wasm components like running any third-party code: least privilege, review inputs/outputs, and avoid exposing sensitive host directories.
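One way to enforce points (2) and (4) before a command is run, as an added example that is not part of the skill or the act CLI: a POSIX shell function that vets the arguments of an `act call`. The grant base `/tmp/act-data` and the trusted prefix `ghcr.io/actpkg/` are assumptions taken from the SQLite example above, and `vet_act_call` and `refuse` are hypothetical names.

```shell
# Added example: vet the arguments of an `act call` before running it.
# ACT_GRANT_BASE, ACT_TRUSTED_PREFIX and vet_act_call are assumptions of
# this sketch, not settings or commands of the act CLI.
ACT_GRANT_BASE=/tmp/act-data          # only host tree that may be granted
ACT_TRUSTED_PREFIX=ghcr.io/actpkg/    # components allowed to get a grant

refuse() { echo "refused: $1" >&2; }

# vet_act_call <component> <tool-name> [options...]
# Returns 0 when the filesystem grants are acceptable, 1 otherwise.
vet_act_call() {
  [ $# -ge 2 ] || { refuse "need <component> <tool-name>"; return 1; }
  component=$1
  shift 2
  while [ $# -gt 0 ]; do
    case $1 in
      --allow-fs)
        refuse "--allow-fs grants the whole filesystem"; return 1 ;;
      --allow-dir)
        [ $# -ge 2 ] || { refuse "--allow-dir needs guest:host"; return 1; }
        case $2 in *:*) ;; *) refuse "malformed grant $2"; return 1 ;; esac
        case $component in
          "$ACT_TRUSTED_PREFIX"*) ;;
          *) refuse "directory grant to untrusted $component"; return 1 ;;
        esac
        host=${2#*:}    # text after the first ':' is the host side
        case $host in
          *..*) refuse "'..' in host path $host"; return 1 ;;
          "$ACT_GRANT_BASE"|"$ACT_GRANT_BASE"/*) ;;  # inside the base
          *) refuse "$host is outside $ACT_GRANT_BASE"; return 1 ;;
        esac
        shift ;;
      --args|--metadata)
        # Skip the JSON value so its contents are never read as options.
        [ $# -ge 2 ] || { refuse "$1 needs a value"; return 1; }
        shift ;;
    esac
    shift
  done
  return 0
}
```

The check is textual: it does not resolve symlinks under the grant base, so keep that directory dedicated to ACT data.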
Capability Analysis
Type: OpenClaw Skill
Name: act-cli
Version: 0.1.0

The skill facilitates the global installation of a third-party CLI tool (`@actcore/act`) and provides instructions for downloading and executing remote WebAssembly components from OCI registries (ghcr.io/actpkg/) or arbitrary URLs. Most significantly, SKILL.md explicitly instructs the agent on how to bypass WASM sandboxing by granting components full filesystem access (`--allow-fs`) or directory mapping (`--allow-dir`), which poses a high risk of host compromise if the agent is directed to execute an untrusted component. Additionally, the _meta.json contains a suspicious future-dated timestamp (year 2026).
Capability Assessment
Purpose & Capability
The skill's name/description match the SKILL.md: it requires the act CLI and instructs the agent to run act info and act call against .wasm components or OCI refs. No unrelated binaries, credentials, or config paths are requested.
Instruction Scope
Instructions stay within purpose (discover tools, call tools, pass metadata, allow directories). Important operational decisions (e.g., --allow-dir, --allow-fs) can grant components filesystem access; the SKILL.md calls this out and advises caution. No instructions ask the agent to read unrelated host files, environment variables, or exfiltrate data.
Install Mechanism
There is no registry install spec; the SKILL.md recommends installing the act CLI via npm (npm i -g @actcore/act). Installing a global npm package is a normal way to get the required binary but does carry the usual supply-chain/registry risks of any npm package. The recommendation uses a package name (not an arbitrary download URL), which is proportionate for this tool.
Credentials
The skill requests no environment variables or credentials. The primary potential privilege is filesystem/network access that the operator may grant to components at runtime (via --allow-dir/--allow-fs), which is appropriate for a sandboxed runtime but should be granted selectively.
Persistence & Privilege
The skill is instruction-only, has always: false, and does not request persistent privileges or modify other skills. Autonomous invocation is allowed by default but not excessive here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install act-cli
  3. After installation, invoke the skill by name or use /act-cli
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of the act-cli skill:

  • Run sandboxed WebAssembly tools via the `act` CLI with zero system dependencies.
  • Supports discovering tool names, descriptions, and parameter schemas from ACT components (.wasm files, OCI registries, or URLs).
  • Allows safe, parameterized tool execution with JSON input/output.
  • Includes guidance for directory/filesystem sandboxing and metadata requirements.
  • Example provided for running SQLite in a sandboxed ACT environment.
Metadata
Slug: act-cli
Version: 0.1.0
License: MIT-0
All-time Installs: 0
Active Installs: 0
Total Versions: 1
Frequently Asked Questions

What is ACT Runtime?

Run ACT WebAssembly component tools via `act call`. Use when the user asks to use an ACT component, run a .wasm tool, or needs sandboxed tools (SQLite, HTTP,... It is an AI Agent Skill for Claude Code / OpenClaw, with 98 downloads so far.

How do I install ACT Runtime?

Run "/install act-cli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ACT Runtime free?

Yes, ACT Runtime is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does ACT Runtime support?

ACT Runtime is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created ACT Runtime?

It is built and maintained by ACT Core (@actcore); the current version is v0.1.0.
