ClawPulse

by pierreeurope · GitHub ↗ · v0.3.0
cross-platform ⚠ suspicious
Downloads: 590
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install clawpulse
Description
Connect your OpenClaw agent to ClawPulse - the community analytics dashboard. Automatically collects and pushes aggregate token stats (no message content) to...
README (SKILL.md)

ClawPulse - Community Analytics for OpenClaw

Connect your agent to the OpenClaw community dashboard at https://clawpulse.vercel.app

Setup (Agent does this automatically)

Step 1: Install CLI

npm install -g openclaw-pulse

Step 2: Authenticate

The agent needs a GitHub token to push stats. Two options:

Option A: User runs clawpulse setup in their terminal. This opens a GitHub device flow; the user enters a code at github.com/login/device.

Option B: Agent uses existing GitHub token. If the user has gh CLI authenticated, extract the token:

TOKEN=$(gh auth token)
mkdir -p ~/.clawpulse
echo "{\"apiUrl\":\"https://clawpulse.vercel.app\",\"githubToken\":\"$TOKEN\"}" > ~/.clawpulse/config.json

Step 3: Push stats

clawpulse push

This collects session stats from ~/.openclaw/agents/main/sessions/*.jsonl and pushes aggregate numbers to the ClawPulse API. No message content is ever collected.

Step 4: Set up auto-push via OpenClaw cron

Create TWO cron jobs for auto-push at midnight and noon:

{
  "name": "ClawPulse Push (midnight)",
  "schedule": { "kind": "cron", "expr": "0 0 * * *" },
  "payload": { "kind": "agentTurn", "message": "Run: clawpulse push --silent" },
  "sessionTarget": "isolated",
  "delivery": { "mode": "none" }
}
{
  "name": "ClawPulse Push (noon)",
  "schedule": { "kind": "cron", "expr": "0 12 * * *" },
  "payload": { "kind": "agentTurn", "message": "Run: clawpulse push --silent" },
  "sessionTarget": "isolated",
  "delivery": { "mode": "none" }
}

What Gets Collected (Privacy)

Only aggregate numbers per day:

  • Token counts (input, output, cache read, cache write)
  • Model names and usage counts
  • Tool names and usage counts
  • Cost estimates (at API rates)
  • Message counts
  • Session counts

Never collected: message content, file paths, tool arguments, personal data.

Commands

Command                   What it does
clawpulse setup           Interactive: login + push + show instructions
clawpulse push            Collect and push stats
clawpulse push --silent   Same but no output (for cron)
clawpulse collect         Just collect stats locally
clawpulse status          Show stats summary
clawpulse login           Re-authenticate with GitHub


Usage Guidance
Before installing or enabling this skill:
  1. Inspect the npm package and GitHub repo (openclaw-pulse) source code to confirm what exact fields are read from your session files and how data is sanitized.
  2. Do NOT allow the agent to auto-extract your existing `gh` CLI token — prefer the interactive device-flow login (Option A) or create a dedicated GitHub token with the minimal scopes required and rotate it after testing.
  3. Verify that the JSONL session files truly exclude message content and sensitive tool arguments.
  4. Consider running the CLI in an isolated environment or container and avoid installing it globally until you audit it.
  5. If you proceed, monitor the ~/.clawpulse/config.json and cron jobs, and consider limiting the token scope and lifetime.
The primary red flags are the undeclared GitHub credential requirement and persistent scheduled pushes — both should be addressed before trusting this skill with real credentials or production data.
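One way to carry out the config.json part of this guidance, as an added example (not code from the skill, its npm package, or this report). It assumes POSIX file modes and the two keys that Option B writes (`apiUrl`, `githubToken`); the `audit_config` helper and the `GH_CLI_TOKEN` environment variable are hypothetical names.

```python
import hmac
import json
import os
import stat
from urllib.parse import urlparse

EXPECTED_HOST = "clawpulse.vercel.app"  # API host named in SKILL.md


def audit_config(path, gh_cli_token=None):
    """Return findings for a ClawPulse config file (hypothetical helper; POSIX modes assumed)."""
    path = os.path.expanduser(path)
    if not os.path.exists(path):
        return []  # nothing persisted, nothing to report
    findings = []
    # Option B creates the file with a shell redirect, so its mode follows the umask.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append("config.json is accessible to group/other (mode %04o)" % mode)
    try:
        with open(path, encoding="utf-8") as fh:
            cfg = json.load(fh)
    except (OSError, ValueError) as exc:
        return findings + ["config.json is not readable JSON: %s" % exc]
    if not isinstance(cfg, dict):
        return findings + ["config.json is not a JSON object"]
    url = urlparse(str(cfg.get("apiUrl", "")))
    if url.scheme != "https" or url.hostname != EXPECTED_HOST:
        findings.append("apiUrl is not https://%s: %r" % (EXPECTED_HOST, cfg.get("apiUrl")))
    token = cfg.get("githubToken")
    if isinstance(token, str) and token:
        findings.append("GitHub token is stored in plaintext on disk")
        # Equal to the gh CLI token means Option B ran: the skill holds the
        # same credential, with the same scopes, as the user's gh login.
        if gh_cli_token and hmac.compare_digest(token.encode(), gh_cli_token.encode()):
            findings.append("stored token is the gh CLI token, not a dedicated one")
    return findings


if __name__ == "__main__":
    # GH_CLI_TOKEN is a hypothetical variable the caller fills from `gh auth token`.
    for line in audit_config("~/.clawpulse/config.json", os.environ.get("GH_CLI_TOKEN")):
        print("FINDING:", line)
```

An empty result means no config file exists or none of the four conditions applies; it says nothing about what the installed package reads or sends.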
Capability Analysis
Type: OpenClaw Skill
Name: clawpulse
Version: 0.3.0
The skill instructs the agent to extract a GitHub token using `gh auth token` and store it in `~/.clawpulse/config.json` (SKILL.md). While the stated purpose is to authenticate with the `clawpulse.vercel.app` analytics dashboard, programmatic handling of sensitive credentials by an AI agent is a high-risk operation. The skill also installs a global npm package (`openclaw-pulse`) and sets up cron jobs for persistent data collection and exfiltration of aggregate token stats to `clawpulse.vercel.app`. Although the intent appears to be benign analytics, the direct access and storage of a GitHub token makes this skill suspicious due to the potential for misuse or vulnerability.
Capability Assessment
Purpose & Capability
Name/description (push aggregate token stats to ClawPulse) aligns with the actions described (collect session stats and send to clawpulse.vercel.app). Required binaries (node, npx) are reasonable for installing/running an npm CLI. However, the registry metadata declares no required credentials while the SKILL.md explicitly requires a GitHub token for authentication, which is an inconsistency between declared needs and actual instructions.
Instruction Scope
The SKILL.md tells the agent to read session data from ~/.openclaw/agents/main/sessions/*.jsonl and to push aggregates externally. It also includes an agent-side path for persisting credentials (~/.clawpulse/config.json) and provides an Option B that programmatically extracts a GitHub token via `gh auth token`. The file reads and credential access are within the general claimed purpose but are sensitive operations; the skill asserts 'no message content is ever collected' but gives no verifiable sampling or sanitization steps, so the claim cannot be audited from these instructions alone.
Install Mechanism
No formal install spec is embedded in the registry, but SKILL.md instructs users to `npm install -g openclaw-pulse`. Installing from the public npm registry is a common pattern (moderate risk); there is a listed npm package and GitHub repo to inspect. There is no download from obscure URLs or extract-from-archive instructions.
Credentials
The skill effectively requires a GitHub token to authenticate pushes, but the registry metadata lists no required environment variables or primary credential. Option B suggests programmatically extracting a token from the `gh` CLI and writing it to disk, which can expose a broad-scoped credential. Requesting/storing a personal GitHub token is sensitive and should be declared explicitly; the current omission is a mismatch and a privacy/privilege concern.
Persistence & Privilege
The skill instructs creating recurring OpenClaw cron jobs to run `clawpulse push --silent` twice daily and persisting a GitHub token under ~/.clawpulse/config.json. While not using always:true, the combination of scheduled autonomous pushes plus stored credentials creates ongoing exfiltration capability if the client or package behaves differently than claimed. This persistence increases risk and warrants review of the package implementation and cron registration steps.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clawpulse
  3. After installation, invoke the skill by name or use /clawpulse
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.3.0
Community analytics dashboard for OpenClaw. GitHub OAuth, auto-push via OpenClaw cron, leaderboard.
Metadata
Slug clawpulse
Version 0.3.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is ClawPulse?

Connect your OpenClaw agent to ClawPulse - the community analytics dashboard. Automatically collects and pushes aggregate token stats (no message content) to... It is an AI Agent Skill for Claude Code / OpenClaw, with 590 downloads so far.

How do I install ClawPulse?

Run "/install clawpulse" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ClawPulse free?

Yes, ClawPulse is completely free (open-source). You can download, install and use it at no cost.

Which platforms does ClawPulse support?

ClawPulse is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created ClawPulse?

It is built and maintained by pierreeurope (@pierreeurope); the current version is v0.3.0.
