← Back to Skills Marketplace
borisolver

CleanApp Report Submission

by borisolver · GitHub ↗ · v0.1.1
cross-platform ✓ Security Clean
1023
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install cleanapp
Description
Submit real-world issue reports (trash, hazards, infrastructure problems) to CleanApp's global routing pipeline. Your observations become actionable — routed...
README (SKILL.md)

SKILL: CleanApp Ingest v1 (OpenClaw/ClawHub)

This is a skill package that lets an agent submit reports into CleanApp using the Fetcher Key System:

  • POST /v1/fetchers/register (one-time key issuance)
  • POST /v1/reports:bulkIngest (bulk ingest, quarantine-first)
  • GET /v1/fetchers/me (introspection)

This is not a long-lived agent running inside the CleanApp backend. It’s a client-side integration that talks to CleanApp over HTTPS.

Why This Is Safe (Compartmentalized)

  1. The only secret in the agent is a revocable CleanApp API key (CLEANAPP_API_TOKEN).
  2. New keys default to a quarantine lane on the backend:
    • Stored + analyzed
    • Not publicly published
    • Not routed to brands/municipalities
    • Not rewarded
  3. The backend enforces:
    • rate limits / quotas
    • idempotency (source_id)
    • kill switches (revoke/suspend)

So even if an agent is prompt-injected, the blast radius is limited to “submitting more quarantined reports” until the key is revoked.

Required Secret

  • CLEANAPP_API_TOKEN (Bearer token). Get it once via:
    • POST /v1/fetchers/register (see references/API_REFERENCE.md)
    • Store it as a ClawHub/OpenClaw secret; never paste into chat logs.

Optional env:

  • CLEANAPP_BASE_URL (default https://live.cleanapp.io)

Data Handling (Minimal by Default)

This skill submits:

  • title, description (text)
  • optional lat/lng (location)
  • optional media[] metadata (URL/SHA/content-type)

Recommended low-risk defaults:

  • --approx-location (round coordinates to reduce precision)
  • --no-media (drop media metadata unless needed)

Idempotency (Important)

Every item must include a stable source_id. The backend enforces:

  • UNIQUE(fetcher_id, source_id)
  • retries won’t duplicate rows if you reuse the same source_id

Usage

Bulk ingest from JSON (recommended)

export CLEANAPP_API_TOKEN="cleanapp_fk_live_..."
python3 ingest.py \\
  --base-url https://live.cleanapp.io \\
  --input examples/sample_items.json \\
  --approx-location \\
  --no-media

Dry run (no network)

python3 ingest.py --input examples/sample_items.json --dry-run

Single-item helper (shell)

This is useful for quick manual submissions while debugging.

export CLEANAPP_API_TOKEN="cleanapp_fk_live_..."
./scripts/submit_report.sh --title "Broken elevator" --description "Stuck on floor 3" --lat 34.0702 --lng -118.4441 --approx-location

Promotion (Out of Quarantine)

Promotion is a reviewed process. As you build reputation, CleanApp can:

  • raise caps
  • allow public publishing/routing/rewards

See:

  • POST /v1/fetchers/promotion-request
  • GET /v1/fetchers/promotion-status

References

  • Swagger UI: https://live.cleanapp.io/v1/docs
  • OpenAPI YAML: https://live.cleanapp.io/v1/openapi.yaml
  • references/API_REFERENCE.md in this package
Usage Guidance
This package appears to do exactly what it says: build JSON report payloads and POST them to CleanApp. Before installing or running it, consider the following: - Expect to provide one secret: CLEANAPP_API_TOKEN (a Fetcher API key). Store it as a secret in your platform rather than pasting into chat or logs. The manifest and SKILL.md require it even though the top-level registry note omitted it. - Test using --dry-run first to confirm payload shape and that approximate-location / no-media options behave as you expect. - Use a low-privilege / quarantine fetcher key for initial testing and rotate/revoke it after use. Don’t use a production/promoted key until you’ve validated behavior. - Review the included scripts (ingest.py and scripts/submit_report.sh) yourself — they are small and readable; there is no remote fetching or obfuscated code in the package. - If you plan to run this in an automated agent, ensure the token is scoped and monitored (rate limits, quotas, and ability to revoke). The only real issue is the metadata mismatch about required env vars (packaging error). If that is corrected, the skill is internally coherent.
Capability Analysis
Package: cleanapp_ingest_v1 (xpi) Version: 1.0.1 Description: Bulk submit problem signals (bugs/incidents/feedback) to CleanApp via /v1/reports:bulkIngest (quarantine by default). The `cleanapp_ingest_v1` package is designed to submit problem signals to the CleanApp API. The analysis of the full source code reveals a well-structured and security-conscious implementation. Key security features include: 1. **Explicit Secret Handling**: The `CLEANAPP_API_TOKEN` is declared as a required secret and is retrieved exclusively from environment variables, preventing hardcoding and promoting secure secret management. 2. **Dry Run Mode**: Both the `ingest.py` Python script and the `submit_report.sh` shell helper script implement a `--dry-run` option, allowing users to inspect the exact JSON payload and target URL before any network requests are made. This provides transparency and a crucial security control. 3. **Controlled Network Communication**: The package uses standard Python `urllib.request` or `curl` for HTTPS communication. The target URL defaults to `https://live.cleanapp.io` but can be configured via an environment variable, which is a standard practice for API clients. The API key is sent securely as a Bearer token in the Authorization header. 4. **Data Handling Policies**: Options are provided to redact media metadata (`--no-media`) and to approximate or remove location data (`--approx-location`, `--no-location`), enhancing privacy and control over sensitive information. 5. **Idempotency Enforcement**: The `ingest.py` script validates that each item has a `source_id`, and `submit_report.sh` generates a unique `source_id` if not provided, supporting the CleanApp API's idempotency requirements to prevent duplicate submissions. 6. **Safe Command Execution**: Shell scripts use `set -euo pipefail` for robustness and employ Python for safe JSON payload construction and coordinate rounding, mitigating shell injection risks. No dynamic `eval` or remote script fetching is observed. 7. **Clear Documentation**: The `README.md`, `SKILL.md`, and `API_REFERENCE.md` files clearly outline the package's purpose, security goals, data handling, and the 'quarantine-first' nature of the CleanApp ingest system, which limits the blast radius of new or unverified data submissions. The package's functionality aligns with its stated purpose, and its design incorporates multiple layers of security best practices, making it benign.
Capability Assessment
Purpose & Capability
Name, description, SKILL.md, and code all align: the skill submits problem reports to CleanApp's /v1/reports:bulkIngest. The code only makes HTTPS calls to the declared base URL and manipulates user-provided JSON payloads. Minor packaging inconsistency: the top-level registry metadata in the provided bundle claims 'Required env vars: none' and 'Primary credential: none', but the package manifest and SKILL.md declare CLEANAPP_API_TOKEN as a required secret. This appears to be a packaging/metadata error rather than functional misalignment.
Instruction Scope
SKILL.md and scripts restrict behavior to building payloads, applying optional location/media redaction, and POSTing to CleanApp. There is a true dry-run mode that prints payload without network. The runtime instructions do not request reading unrelated system files or contacting other endpoints.
Install Mechanism
No remote downloads or install spec; this is an instruction+script package with all referenced scripts included. No dynamic fetching of remote scripts or execution of code from arbitrary URLs.
Credentials
Runtime code and SKILL.md require only a single bearer token (CLEANAPP_API_TOKEN) and optionally CLEANAPP_BASE_URL plus non-sensitive agent metadata env vars. That credential is proportionate to the described purpose. However, the registry-level 'Requirements' block provided to the evaluator lists no required env vars, while manifest.json and SKILL.md declare CLEANAPP_API_TOKEN — this mismatch should be resolved (manifest/SKILL.md are correct for runtime behavior).
Persistence & Privilege
The skill does not request 'always: true' or any elevated platform privileges, does not modify other skills, and does not persist arbitrary tokens to other config locations. It performs standard client-side HTTP calls only when invoked.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cleanapp
  3. After installation, invoke the skill by name or use /cleanapp
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
CleanApp v0.1.1 - Updated release of the CleanApp skill package for submitting any type of bug report, issue, improvement proposal, hazard (in digital as well as physical worlds). - Supports report submission to CleanApp using the Fetcher Key System and quarantine-first backend. - Includes bulk ingest via `ingest.py`, sample item JSON, and shell helper scripts. - Documentation and API reference files provided for setup, usage, and best practices. - Secure by design: uses revocable API tokens and compartmentalized data handling. - Promotion process and backend safety/introspection endpoints detailed.
v0.1.0
Initial release of CleanApp Report Submission - Submit real-world issue reports (trash, hazards, infrastructure problems) to CleanApp's global routing pipeline. - Reports are analyzed, enriched, and routed to responsible brands, municipalities, and regulators for action. - Supports detailed reporting including optional GPS, severity, classification, tags, brand, and images. - Includes API endpoint, request format, helper script, and best practices for submitting reports. - Dashboard, deduplication, AI-powered analysis, and report clustering included in workflow.
Metadata
Slug cleanapp
Version 0.1.1
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is CleanApp Report Submission?

Submit real-world issue reports (trash, hazards, infrastructure problems) to CleanApp's global routing pipeline. Your observations become actionable — routed... It is an AI Agent Skill for Claude Code / OpenClaw, with 1023 downloads so far.

How do I install CleanApp Report Submission?

Run "/install cleanapp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is CleanApp Report Submission free?

Yes, CleanApp Report Submission is completely free (open-source). You can download, install and use it at no cost.

Which platforms does CleanApp Report Submission support?

CleanApp Report Submission is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created CleanApp Report Submission?

It is built and maintained by borisolver (@borisolver); the current version is v0.1.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments