sunlleyevan

Mapick

by mapick-ai · GitHub ↗ · v0.0.15 · MIT-0
cross-platform ✓ Security Clean
74 Downloads · 0 Stars · 0 Active Installs · 7 Versions
Install in OpenClaw
/install mapick
Description
Mapick — Skill recommendation & privacy protection for OpenClaw. Scans your local skills, suggests what you're missing, and keeps other skills from seeing yo...
Usage Guidance
Mapick appears to be what it says: a local recommender that sends limited anonymous telemetry to api.mapick.ai and enforces multiple client-side guards (endpoint allowlist, redaction, upload checks). Before installing, consider:
  1. The default privacy model is opt-out and Mapick makes a single automatic call on first conversation (sends only device_fp). If you want zero network calls until you decide, run node scripts/shell.js privacy consent-decline immediately after install (SKILL.md documents this).
  2. The persona 'share' flow uploads a Mapick-generated /tmp HTML after a redaction check. Review scripts/redact.js to confirm the patterns removed meet your expectations.
  3. The skill backs up uninstalled skill directories into ~/.openclaw/skills/mapick/trash/; that is local-only but will copy source trees, so ensure you're comfortable with that behavior.
  4. If you want extra assurance, grep the included scripts (scripts/lib/http.js, scripts/redact.js, scripts/lib/core.js) to verify the allowlist and redaction logic yourself.
Overall the package is internally consistent with its stated purpose.
Capability Analysis
Type: OpenClaw Skill
Name: mapick
Version: 0.0.15
Mapick is a skill management and privacy utility for OpenClaw that implements robust security controls. It features a comprehensive local redaction engine (scripts/redact.js) to strip PII and API keys before any data leaves the machine, and a centralized network manifest (scripts/lib/http.js) that enforces an endpoint allowlist for api.mapick.ai. While the skill uses an opt-out telemetry model for anonymous usage statistics and skill recommendations, this behavior is transparently documented in the README.md and SKILL.md. The persona report sharing mechanism (scripts/lib/misc.js) is restricted to specific, redacted HTML files in /tmp, and the skill includes built-in audit logging (scripts/lib/audit.js) for user oversight of outbound traffic.
Capability Assessment
Purpose & Capability
Name/description match required permissions and code: it needs Node, reads installed SKILL.md files under ~/.openclaw/skills, writes to its own cache/trash paths, and talks only to api.mapick.ai. The requested binaries, file paths, and network host are proportionate to a local skill recommender/privacy helper.
Instruction Scope
SKILL.md and code limit runtime actions to scanning local skill frontmatter, running local Node entrypoints (scripts/shell.js), calling an allowlisted backend, redacting text before upload, and backing up a skill being uninstalled. Notable UX/privacy behavior: Mapick defaults to data-sharing ON and performs one automatic call to api.mapick.ai/assistant/status on first conversation sending only the device_fp; this is explicit in the SKILL.md but may surprise privacy-conscious users.
Install Mechanism
No external install/download steps are declared. The skill is delivered with JS source bundled in the package (no runtime fetch-from-URL or extraction), so nothing is pulled from arbitrary URLs during runtime. This is low-risk relative to remote installers.
Credentials
The skill requests no environment variables or unrelated credentials. Optional env vars (e.g., MAPICK_TRASH_TTL_DAYS) are for local behavior tuning only. File and network access are limited to declared paths and api.mapick.ai respectively; no API keys, tokens, or arbitrary files are required.
Persistence & Privilege
Does not set always:true and uses persistent storage only for its own config/cache/logs (~/.mapick and its workspace mapick config). It writes a device_fp into its CONFIG.md and backs up uninstalled skills into its trash directory (local-only). Autonomous invocation is allowed (default) but that is the platform norm.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install mapick
  3. After installation, invoke the skill by name or use /mapick
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.15
Changed: Address ClawHub openclaw security review findings (CLAWHUB.md transparency improvements)
v0.0.14
Changed: Split audit-log reader out of http.js to clear ClawHub potential_exfiltration scanner warning
v0.0.13
Changed: Scan-safe build: removed all subprocess execution (fetch replaces curl, redact runs in-process, cron registration disabled)
v0.0.12
Restrict persona share uploads and fail closed when redaction is unavailable
v0.0.11
Parameterize subprocess calls to reduce shell-injection scan risk
v0.0.10
Changed: Workspace shadow detection, diagnose command, cron deduplication, opt-out display polish, ClawHub README split
v0.0.6
Changed: normal update
Metadata
Slug mapick
Version 0.0.15
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 7
Frequently Asked Questions

What is Mapick?

Mapick — Skill recommendation & privacy protection for OpenClaw. Scans your local skills, suggests what you're missing, and keeps other skills from seeing yo... It is an AI Agent Skill for Claude Code / OpenClaw, with 74 downloads so far.

How do I install Mapick?

Run "/install mapick" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Mapick free?

Yes, Mapick is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Mapick support?

Mapick is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Mapick?

It is built and maintained by mapick-ai (@sunlleyevan); the current version is v0.0.15.
