← Back to Skills Marketplace
solarspiker

Appian Unnamedobjects

by solarspiker · GitHub ↗ · v1.3.0 · MIT-0
cross-platform ⚠ suspicious
109
Downloads
0
Stars
0
Active Installs
5
Versions
Install in OpenClaw
/install appian-unnamedobjects
Description
Find Appian application objects that are missing a description. Exports the application, scans all object XML files, and reports name and UUID for each objec...
README (SKILL.md)

Appian Unnamed Objects

Exports an Appian application and scans every object XML file for objects whose \x3Cdescription> tag is empty or missing. Reports type, name, and UUID for each offending object.

Usage

node {baseDir}/scripts/index.js \x3CapplicationUuid>

Example

node {baseDir}/scripts/index.js _a-0000de15-1f1c-8000-5130-010000010000_12559

IMPORTANT: credentials are pre-configured

APPIAN_BASE_URL and APPIAN_API_KEY are already injected by OpenClaw at runtime. Never ask the user for credentials before running this skill. Just execute it with the UUID the user provided.

How users can ask for this

  • "Find Appian objects without descriptions in application \x3Cuuid>"
  • "Which Appian objects are undocumented in \x3Cuuid>"
  • "Audit Appian missing descriptions in \x3Cuuid>"
  • "Check Appian documentation coverage for \x3Cuuid>"

What it does

  1. Calls the Appian v2 Deployment Management API to export the application as a ZIP.
  2. Parses the ZIP in-process (no shell extraction) using Node.js built-ins — one object per XML file, type from directory name.
  3. Iterates every XML file outside META-INF/.
  4. For each object, checks whether \x3Cdescription> or \x3Ca:description> is absent or blank.
  5. Prints a grouped report of offending objects.

After running

Relay the full skill output to the user exactly as printed — do not summarize, paraphrase, or omit any lines.

The output already contains every object type, name, and UUID in a compact readable format. Your job is to forward it verbatim, then offer to help further. Do not replace the list with a vague count like "15 objects were found" — the user needs the actual names and details.

External endpoints

  • POST ${APPIAN_BASE_URL}/deployments — triggers the export
  • GET ${APPIAN_BASE_URL}/deployments/{uuid} — polls for completion
  • GET \x3CpackageZip URL> — downloads the resulting ZIP

Security

  • Credentials (APPIAN_BASE_URL, APPIAN_API_KEY) are read from environment variables (injected by OpenClaw at runtime). If not injected, falls back to appian.json in the current working directory.
  • The ZIP is written to ~/appian-exports/ and mirrored to CWD/appian-exports/ when running in a container.
  • No data is sent to any third-party service.
  • No shell commands are executed; ZIP extraction uses Node.js built-in zlib.
Usage Guidance
This skill appears to do what it claims: it uses your APPIAN_BASE_URL and APPIAN_API_KEY to export an application and scan XML files for empty/missing <description> tags. Before installing, consider: 1) The exported ZIP is written to your home directory and a copy to the current working directory — the package may contain sensitive data, so run in a safe/isolated workspace or clean up files after use. 2) The skill will read appian.json from the current directory or parent directories as a fallback, so ensure no unexpected credential files are present. 3) The SKILL.md requires the agent to forward the full raw output verbatim — be aware that this could expose sensitive object names or contents to whoever receives the output. 4) Limit the API key's scope where possible and rotate it if you decide to stop trusting the skill. 5) If you need higher assurance, review the full script in a sandbox or run it manually with a throwaway account first.
Capability Analysis
Type: OpenClaw Skill Name: appian-unnamedobjects Version: 1.3.0 The skill is designed to audit Appian application objects for missing descriptions by exporting the application via the Appian API and scanning the resulting XML files. The implementation in `scripts/index.js` uses standard Node.js built-ins for network requests and file operations, including a custom ZIP parser to avoid external dependencies. While it writes exported ZIP files to the user's home directory and requires sensitive credentials (API keys), these behaviors are clearly documented in `SKILL.md` and are necessary for the stated functionality. There is no evidence of data exfiltration to third parties or malicious execution.
Capability Tags
requires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name/description ask to export an Appian application and scan XML files; the skill only requires APPIAN_BASE_URL and APPIAN_API_KEY and the code calls Appian deployment endpoints and downloads the package ZIP as described — these requirements are proportionate to the declared purpose.
Instruction Scope
SKILL.md and the script keep behavior within the stated audit scope (trigger export, poll, download ZIP, scan XML entries). However the instructions insist the agent 'relay the full skill output verbatim' which increases the chance of exposing sensitive information if the export contains secrets or sensitive metadata. The runtime also falls back to reading appian.json for credentials if environment variables are not present.
Install Mechanism
No install spec (instruction-only skill with a single Node script). Nothing is downloaded from unknown third-party URLs by the skill itself beyond the Appian package ZIP; low install risk.
Credentials
Only APPIAN_BASE_URL and APPIAN_API_KEY are required, which matches the API calls the skill performs. As a caveat, the script looks for an appian.json file up to 5 parent directories as a fallback and will populate process.env from it — this is reasonable but means local files containing credentials may be read if env vars are missing.
Persistence & Privilege
always is false and the skill does not alter other skills. It persists downloaded exports to ~/appian-exports and copies them into CWD/appian-exports when in a container; exported ZIPs therefore remain on-disk and may contain sensitive data. This persistent storage is expected for the stated purpose but is worth noting.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install appian-unnamedobjects
  3. After installation, invoke the skill by name or use /appian-unnamedobjects
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.0
appian-unnamedobjects 1.3.0 - Updated scripts/index.js (details not specified). - No changes to user-facing documentation or usage. - Maintained all core functionality and security practices. - Skill continues to scan Appian application objects for missing or empty descriptions and reports results as before.
v1.2.0
- Improved internal implementation in scripts/index.js; no user-facing changes. - All functionality and usage remain the same.
v1.1.2
- Updated trigger phrases in the description and usage section to explicitly mention "Appian" for clarity. - No changes to functionality; documentation only.
v1.1.1
- Updated instructions: Now requires the full skill output to be relayed to the user exactly as printed, without paraphrasing or summarizing. - Emphasized: Do not replace the report with only a count; users must see the actual object names and details. - Usage guidance expanded to clarify response handling expectations.
v1.1.0
- Added detailed SKILL.md documentation explaining usage, required environment variables, example commands, and output expectations. - Clarified that credentials (APPIAN_BASE_URL, APPIAN_API_KEY) are pre-configured and should never be requested from users. - Enhanced skill description with trigger phrases and security information. - Outlined supported Appian API endpoints and summarized application object export and scanning process. - Provided guidance on user prompts and how to interpret results.
Metadata
Slug appian-unnamedobjects
Version 1.3.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 5
Frequently Asked Questions

What is Appian Unnamedobjects?

Find Appian application objects that are missing a description. Exports the application, scans all object XML files, and reports name and UUID for each objec... It is an AI Agent Skill for Claude Code / OpenClaw, with 109 downloads so far.

How do I install Appian Unnamedobjects?

Run "/install appian-unnamedobjects" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Appian Unnamedobjects free?

Yes, Appian Unnamedobjects is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Appian Unnamedobjects support?

Appian Unnamedobjects is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Appian Unnamedobjects?

It is built and maintained by solarspiker (@solarspiker); the current version is v1.3.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments