
Paperclip Orchestration

by ihebsilence · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
121 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install paperclip-orchestration
Description
Connect OpenClaw Gateway to Paperclip, diagnose onboarding and reachability failures, claim and store Paperclip API keys, install the Paperclip skill, and or...
Usage Guidance
This skill appears to do what it says (onboard OpenClaw to Paperclip), but before installing or allowing autonomous use:
  1. Inspect SKILL.md in full and confirm you trust the skill's source — it will read ~/.openclaw/openclaw.json to extract gateway.auth.token and will save a claimed Paperclip API key to ~/.openclaw/workspace/paperclip-claimed-api-key.json.
  2. Ensure you are comfortable with an agent reading that local config file and writing credentials to disk; prefer storing secrets in a secure secret store if available.
  3. Because the metadata does not declare these config paths or credentials, ask the publisher to explicitly list required config files/env vars (for transparency) or run the steps manually the first time to verify behavior.
  4. If you allow autonomous invocation, restrict the agent's network reach and review logs for the join/claim operations.
  5. Suggested improvements before trusting the skill: declare required config paths/env vars in metadata, add explicit interactive confirmations before reading/writing secrets, and recommend encrypted storage rather than plaintext files.
Capability Analysis
Type: OpenClaw Skill
Name: paperclip-orchestration
Version: 0.1.0
The skill automates the integration between OpenClaw and an external 'Paperclip' service, which involves reading sensitive gateway tokens from `~/.openclaw/openclaw.json` and transmitting them to external endpoints. A high-risk instruction in `SKILL.md` directs the agent to automatically approve the latest pending device pairing (`openclaw devices approve --latest`) without manual verification of the device identity, which could be exploited to grant unauthorized access. While these actions are aligned with the stated purpose of orchestration, the automated handling of credentials and device approvals constitutes a significant security risk.
Capability Tags
requires-sensitive-credentials
Capability Assessment
Purpose & Capability
The name and description claim to connect OpenClaw to Paperclip, perform reachability tests, submit join requests, claim API keys, and operate agents — the SKILL.md contains step-by-step instructions for exactly those tasks, so purpose and capability are aligned.
Instruction Scope
The runtime instructions instruct the agent/operator to read the local OpenClaw config (~/.openclaw/openclaw.json -> gateway.auth.token), call Paperclip endpoints, and write a claimed API key file (~/.openclaw/workspace/paperclip-claimed-api-key.json). The skill metadata declares no required config paths or environment variables, so the SKILL.md references files and secrets that were not declared — this mismatch is a scope and transparency concern.
Install Mechanism
This is an instruction-only skill with no install spec and no code files; nothing is written to disk by an installer. That lowers the static install risk.
Credentials
The actions (reading OpenClaw's local gateway token, exercising Paperclip API endpoints, and storing a Paperclip API key) are coherent for the stated purpose. However, the skill asks the operator to persist a sensitive API key to disk and later load PAPERCLIP_API_KEY/PAPERCLIP_API_URL from that file — sensitive operations which should be declared and made explicit in metadata. The metadata currently lists no required credentials or config paths, which is inconsistent with the instructions.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It instructs saving credentials to a user-local path under ~/.openclaw, which is normal for this workflow, but because the skill can be invoked by the agent, confirm that any automatic runs are expected before enabling autonomous invocation.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install paperclip-orchestration
  3. After installation, invoke the skill by name or use /paperclip-orchestration
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial publication: OpenClaw to Paperclip onboarding, troubleshooting, and operations workflow.
Metadata
Slug: paperclip-orchestration
Version: 0.1.0
License: MIT-0
All-time Installs: 0
Active Installs: 0
Total Versions: 1
Frequently Asked Questions

What is Paperclip Orchestration?

Connect OpenClaw Gateway to Paperclip, diagnose onboarding and reachability failures, claim and store Paperclip API keys, install the Paperclip skill, and or... It is an AI Agent Skill for Claude Code / OpenClaw, with 121 downloads so far.

How do I install Paperclip Orchestration?

Run "/install paperclip-orchestration" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Paperclip Orchestration free?

Yes, Paperclip Orchestration is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Paperclip Orchestration support?

Paperclip Orchestration is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Paperclip Orchestration?

It is built and maintained by ihebsilence (@ihebsilence); the current version is v0.1.0.
