← Back to Skills Marketplace
738
Downloads
2
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install openpond-cli
Description
Use the OpenPond CLI to create repos, watch deployments, and run tools without the web UI.
Usage Guidance
This skill appears to be a normal CLI wrapper for OpenPond, but the package metadata is incomplete and the runtime steps touch sensitive local state. Before installing or allowing an agent to use it: 1) Verify the 'openpond-code' npm package source and integrity (inspect its repo, reviews, and latest release). Prefer using 'npx' or a scoped/test environment instead of a global install. 2) Use a limited-scope or disposable OPENPOND_API_KEY when testing, and rotate it afterwards. 3) Be aware the CLI will read and temporarily modify your .git/config and will persist credentials under ~/.openpond/cache.json — inspect and remove those files if you don't want persistent tokens. 4) If you plan to let an agent invoke this skill autonomously, limit that agent's file access or run it in an isolated workspace to avoid accidental exfiltration of repository credentials. 5) Ask the skill author/registry to correct metadata (declare required binaries and env vars) so the security surface is transparent.
Capability Analysis
Type: OpenClaw Skill
Name: openpond-cli
Version: 0.1.1
The skill bundle provides instructions for using the OpenPond CLI, including installation via `npm`, authentication, repository management, deployment watching, and tool execution. All commands and descriptions align with the stated purpose of managing OpenPond applications. There is no evidence of prompt injection against the OpenClaw agent, data exfiltration, malicious execution, persistence mechanisms, or obfuscation. While passing API keys on the command line (`openpond login --api-key`) can be a security vulnerability, it is a common CLI pattern and does not indicate malicious intent from the skill itself.
Capability Assessment
Purpose & Capability
Name/description describe an OpenPond CLI helper. However the skill metadata declares no required binaries or env vars while the SKILL.md clearly expects npm/npx, the 'openpond' CLI, and git. The missing declared requirements is an incoherence: a CLI helper normally would declare these dependencies.
Instruction Scope
Runtime instructions tell the agent to install/open/use the 'openpond' CLI, run git commands, read/modify .git/config (tokenize origin temporarily), and rely on ~/.openpond/cache.json for cached credentials. These actions are within the functional scope (managing repos/deployments) but they involve reading/modifying local git config and persisting API tokens — sensitive operations that the metadata did not advertise.
Install Mechanism
This is an instruction-only skill (no install spec), so nothing is written by the registry itself. The SKILL.md instructs users/agents to run 'npm i -g openpond-code' or use 'npx'. That delegates installation to npm at runtime — lower risk from the registry, but you must vet the npm package (supply chain risk).
Credentials
Metadata lists no required environment variables, yet SKILL.md documents optional/expected vars (OPENPOND_API_KEY, OPENPOND_BASE_URL, etc.) and shows non-interactive login via an API key. Requesting and caching API keys is reasonable for this CLI, but the omission from declared requirements reduces transparency and increases the chance of accidental credential exposure.
Persistence & Privilege
always:false and autonomous invocation are default and acceptable. The SKILL.md does indicate persistent state: a cache file at ~/.openpond/cache.json and temporary changes to .git/config during tokenized pushes. These are expected for a CLI that authenticates and pushes code, but they do create persistent tokens and modify local repo config.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openpond-cli - After installation, invoke the skill by name or use
/openpond-cli - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
openpond-cli v0.1.1
- Initial release of OpenPond CLI workflows.
- Create and manage OpenPond repositories from the command line, including interactive and non-interactive login.
- Support for pushing code to repos, watching deployments, and managing tools without the web UI.
- Account-level commands to list apps, run tools, view performance, and create agents.
- OpenTool passthrough commands available via `npx`.
- Configurable via environment variables and supports caching.
Metadata
Frequently Asked Questions
What is Openpond Cli?
Use the OpenPond CLI to create repos, watch deployments, and run tools without the web UI. It is an AI Agent Skill for Claude Code / OpenClaw, with 738 downloads so far.
How do I install Openpond Cli?
Run "/install openpond-cli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Openpond Cli free?
Yes, Openpond Cli is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Openpond Cli support?
Openpond Cli is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Openpond Cli?
It is built and maintained by glucrypto (@glucrypto); the current version is v0.1.1.
More Skills