davidgeorgehope

Sightglass

by David Hope · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
595 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install sightglass
Description
Monitors AI coding agents to track dependency choices, classify discovery methods, flag risks, and reveal biases and missed alternatives in your project.
Usage Guidance
This skill appears to do what it says: it installs an npm CLI, starts a local watcher, records per-session metadata in your user state directory, and can push analysis to sightglass.dev. Before installing:
  1. Confirm you trust the @sightglass/cli package on npm and review its README/privacy policy.
  2. Expect the watcher to observe file changes, package installs, and tool calls in the project directory; avoid using it on projects containing secrets unless you confirm what the CLI uploads.
  3. During setup, check whether 'auto-push' is enabled and disable it if you don't want data sent to sightglass.dev.
  4. Note the bundle expects node/npm (skill.json) even though the top-level requirements text said 'none'; ensure you have a safe environment for a global npm install.
  5. If you need higher assurance, inspect the installed @sightglass/cli source (from npm or its repository) to see exactly what it transmits and how authentication is handled.
Capability Analysis
Type: OpenClaw Skill
Name: sightglass
Version: 0.1.0
The skill installs an external CLI tool (`@sightglass/cli`) globally via `npm i -g` in `setup.sh`. While this is necessary for the skill's stated purpose of providing 'Agent Supply Chain Intelligence,' it introduces a significant supply chain risk. The integrity of the installed package from the npm registry cannot be guaranteed, making it a potential vector for malicious code execution if the upstream package is compromised. The skill itself does not exhibit clear malicious intent, and `SKILL.md` contains no prompt injection attempts to subvert the agent's behavior beyond its stated purpose.
Capability Assessment
Purpose & Capability
Name, description, SKILL.md, and included scripts all align: the skill installs and uses the @sightglass/cli package to watch agent sessions and analyze dependency choices. One minor inconsistency: the externally provided 'Requirements' section at the top of the bundle says 'none', but the included skill.json declares anyBins: ["node","npm"], and setup.sh installs an npm package, so Node/npm are effectively required.
Instruction Scope
Runtime instructions and hooks stay within the declared purpose: pre-spawn records session metadata and ensures a watcher runs; post-session runs analysis and summarizes findings. However, analysis and optional '--push' sync data to https://sightglass.dev and the setup flow mentions configuring auto-push. That means session information, dependency inventories, and related metadata can be transmitted to an external service — this is consistent with the tool's purpose but important to be aware of.
Install Mechanism
setup.sh installs @sightglass/cli via 'npm i -g', a typical registry install (moderate risk compared to curated package managers). There are no obscure download URLs or archive extracts. Global npm installs may require elevated rights on some systems (setup.sh does not handle sudo), but there is no evidence of unusual or obfuscated install behavior.
Credentials
The skill does not declare or require environment credentials. It does rely on an authentication flow with sightglass.dev (invoked through the CLI 'sightglass login' / 'sightglass setup'), which is expected for remote sync. The hooks write session metadata to user-local XDG paths (~/.local/state or XDG_STATE_HOME) — appropriate for the stated function.
Persistence & Privilege
The skill is not marked 'always:true'. It will auto-start a background 'sightglass watch' watcher in pre-spawn if not running, which creates a persistent watcher process under the user's account. This behavior matches a monitoring tool's needs but is a notable persistence behavior to accept explicitly. The skill does not modify other skills' configurations or request elevated system privileges in the provided scripts.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install sightglass
  3. After installation, invoke the skill by name or use /sightglass
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release — agent supply chain intelligence
Metadata
Slug: sightglass
Version: 0.1.0
License:
All-time Installs: 0
Active Installs: 0
Total Versions: 1
Frequently Asked Questions

What is Sightglass?

Monitors AI coding agents to track dependency choices, classify discovery methods, flag risks, and reveal biases and missed alternatives in your project. It is an AI Agent Skill for Claude Code / OpenClaw, with 595 downloads so far.

How do I install Sightglass?

Run "/install sightglass" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Sightglass free?

Yes, Sightglass is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Sightglass support?

Sightglass is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Sightglass?

It is built and maintained by David Hope (@davidgeorgehope); the current version is v0.1.0.
