← Back to Skills Marketplace
etherstrings

OpenClaw Capture

by Wu Bo Yu · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
228
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-capture
Description
Wrap a local openclaw_capture_workflow checkout as an OpenClaw/ClawHub skill that captures links, text, images, and videos, routes STT by platform, and fans...
Usage Guidance
Key points to consider before installing/using this skill: - Metadata mismatch: The registry lists no required env vars, but SKILL.md and the code require several sensitive environment variables (model API key, Telegram bot token, Feishu webhook) and may read legacy config files. Treat the SKILL.md as authoritative and do not assume the registry metadata is complete. - Secrets and network calls: The skill will send data to external endpoints (model API base, Telegram API, Feishu webhook). Only provide API keys and tokens you trust the code to use. If you cannot review the receiving endpoints (for example aiHubMix), do not set the keys. - Local code import and execution: In library mode the skill inserts your legacy project's src onto PYTHONPATH and imports openclaw_capture_workflow — that import executes code from the local repo. Only enable library mode if you trust the local repository contents. Review the local repo before use. - Subprocess execution: If you set OPENCLAW_CAPTURE_LOCAL_STT_COMMAND, the skill will format and run that command (via shlex.split and subprocess.run). Avoid putting untrusted templated shell constructs in that variable; it can execute arbitrary commands. - Filesystem writes: The skill creates state and artifact directories and (via the legacy workflow) may write notes into an Obsidian vault or other local paths. Ensure state_dir and vault paths are acceptable and isolated if needed. - Mitigations: run in an isolated environment (container or dedicated account), review the bundled scripts and any local openclaw_capture_workflow checkout, avoid exposing high-privilege credentials, and prefer HTTP backend mode to isolate execution from importing local code if you cannot audit the local repo. If you want, I can (1) point out the exact lines that read/write files or make network calls, (2) list all environment variables the code actually reads, or (3) summarize the security implications of running in library vs http backend mode.
Capability Analysis
Type: OpenClaw Skill Name: openclaw-capture Version: 0.1.0 The skill functions as a complex wrapper for a local 'openclaw_capture_workflow' and exhibits high-risk behaviors, specifically dynamic shell command construction and execution in 'video_audio_bridge.py' and 'dispatcher.py'. It uses shlex.split on strings formatted with user-provided URLs, which is a pattern vulnerable to argument injection. Furthermore, the skill requires extensive sensitive environment variables (API keys, bot tokens) and provides a mechanism to execute arbitrary local STT commands via the 'OPENCLAW_CAPTURE_LOCAL_STT_COMMAND' variable, creating a significant surface for local privilege escalation or unauthorized execution if the environment is compromised.
Capability Assessment
Purpose & Capability
The code and SKILL.md match the described purpose (wrapping a local openclaw_capture_workflow and fanning out results). However the registry metadata claims no required env vars/config paths while the SKILL.md and code require many environment settings (model API key, Telegram bot token, Feishu webhook, legacy project root, backend mode/URL, etc.) and will read legacy project files. That mismatch is an incoherence that could mislead users about secrets the skill needs.
Instruction Scope
SKILL.md instructs the agent to normalize a payload and run scripts/dispatch_capture.py (or pipe JSON). The runtime will import and execute the local openclaw_capture_workflow code (library mode) or POST to a backend (http mode), call external model APIs, and send requests to Telegram/Feishu webhooks. It may also execute a user-provided local STT CLI command via subprocess. These actions are within the skill's purpose, but they entail reading local project files, creating state/artifact directories, writing notes to an Obsidian vault, and making network calls — all of which the user should expect and review.
Install Mechanism
No install spec; code is bundled with the skill and nothing is downloaded or executed at install. This minimizes supply-chain risk from remote installs.
Credentials
The SKILL.md and code require multiple environment variables that are sensitive (OPENCLAW_CAPTURE_MODEL_API_KEY, OPENCLAW_CAPTURE_TELEGRAM_BOT_TOKEN, OPENCLAW_CAPTURE_FEISHU_WEBHOOK, etc.) and config paths (OPENCLAW_CAPTURE_LEGACY_PROJECT_ROOT). The registry metadata incorrectly lists 'Required env vars: none' which under-represents required secrets and configuration. The number and sensitivity of env vars is proportionate to the stated functionality, but the metadata mismatch and lack of explicit required-secret declaration is a red flag.
Persistence & Privilege
always:false (no forced global inclusion). The skill writes state and artifacts under its state_dir (default: skill_root/.state) and the legacy workflow may write into the user's Obsidian vault or other legacy paths; it also imports and executes code from a local checkout. These are expected for a capture/archiving tool but are persistent filesystem effects and should be considered when granting the skill access.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-capture
  3. After installation, invoke the skill by name or use /openclaw-capture
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial publish of the OpenClaw capture wrapper skill.
Metadata
Slug openclaw-capture
Version 0.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is OpenClaw Capture?

Wrap a local openclaw_capture_workflow checkout as an OpenClaw/ClawHub skill that captures links, text, images, and videos, routes STT by platform, and fans... It is an AI Agent Skill for Claude Code / OpenClaw, with 228 downloads so far.

How do I install OpenClaw Capture?

Run "/install openclaw-capture" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is OpenClaw Capture free?

Yes, OpenClaw Capture is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does OpenClaw Capture support?

OpenClaw Capture is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created OpenClaw Capture?

It is built and maintained by Wu Bo Yu (@etherstrings); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments