← Back to Skills Marketplace
OpenServ Client
by
issa-me-sush
· GitHub ↗
· v1.0.4
1145
Downloads
0
Stars
4
Active Installs
5
Versions
Install in OpenClaw
/install openserv-client
Description
Complete guide to using @openserv-labs/client for managing agents, workflows, triggers, and tasks on the OpenServ Platform. Covers provisioning, authenticati...
Usage Guidance
This package appears to be a genuine platform client, but there are a few red flags you should consider before installing or running it: 1) Metadata omission: the registry entry lists no required environment variables, yet the documentation and examples use WALLET_PRIVATE_KEY, OPENSERV_API_KEY and OPENSERV_AUTH_TOKEN. Assume these secrets are required. 2) Secrets handling: provision() and troubleshooting describe writing private keys to .env and persisting .openserv.json—storing private keys in plaintext files is risky. Review the code paths that write files and consider keeping keys in a secure vault instead. 3) Token leakage: example scripts print webhook tokens and API keys to stdout; avoid running examples in shared logs or CI without sanitization. 4) Destructive actions: the cleanup example can delete all platform resources; be cautious with --all and run in a controlled account. 5) Origin unknown + prompt-injection signal: the source/homepage is unknown and a prompt-injection pattern was detected in SKILL.md—verify package provenance (official registry, maintainer contact, code signatures) before trusting it. Recommended actions: inspect the actual library code (not just docs) for where it writes .env/.openserv.json and for any network endpoints it calls; run examples in an isolated environment with throwaway credentials; if you need to use it in production, prefer manually managing credentials (do not permit provision() to persist your private key) and consider using hardware or vault-backed wallet signing.
Capability Analysis
Type: OpenClaw Skill
Name: openserv-client
Version: 1.0.4
The OpenClaw AgentSkills skill bundle provides a client library for interacting with the OpenServ platform, including agent/workflow management, x402 payments, and ERC-8004 on-chain identity. All code and documentation align with this stated purpose, demonstrating legitimate interactions with the platform API and blockchain. While the skill handles sensitive credentials like `WALLET_PRIVATE_KEY` and `OPENSERV_API_KEY` (e.g., writing `WALLET_PRIVATE_KEY` to `.env` via `provision()`), this is a necessary function for its operation and does not show intent for unauthorized exfiltration or malicious use. No evidence of prompt injection, obfuscation, or other malicious behaviors was found in `SKILL.md`, `reference.md`, `troubleshooting.md`, or the example scripts.
Capability Assessment
Purpose & Capability
The name/description and SKILL.md align: this is a client for the OpenServ platform (provisioning agents, triggers, workflows, x402 payments, ERC-8004). Example code and API reference are consistent with that purpose. However, the registry metadata declares no required environment variables or credentials while the instructions repeatedly rely on WALLET_PRIVATE_KEY, OPENSERV_API_KEY, and OPENSERV_AUTH_TOKEN (and describe writing them to disk). That metadata omission is an inconsistency.
Instruction Scope
Runtime instructions (and examples) instruct the agent/app to create or reuse an Ethereum wallet, authenticate using WALLET_PRIVATE_KEY, persist state to .openserv.json, and (per troubleshooting) write WALLET_PRIVATE_KEY / OPENSERV_* values into .env. Examples also print webhook tokens and API keys to stdout. These actions read/write sensitive secrets and local state and will transmit/propagate credentials to the platform—behavior that is outside a harmless 'reference guide' scope and should be explicitly disclosed.
Install Mechanism
This is instruction-only with recommended npm install of the package (@openserv-labs/client). There is no install spec that downloads arbitrary archives or runs remote installers, so installation risk is low-probability from the skill bundle itself. Example code is included but no build/install steps are embedded that modify system binaries.
Credentials
The SKILL.md and examples require and manipulate sensitive environment variables (WALLET_PRIVATE_KEY, OPENSERV_API_KEY, OPENSERV_AUTH_TOKEN) yet the skill metadata lists none. The instructions even describe provision() writing private keys to .env—storing private keys in plaintext files is high-risk and should be treated as a significant privilege. The number and sensitivity of env interactions are proportionate to a platform client, but the lack of explicit declaration and the advice to persist secrets are concerning.
Persistence & Privilege
The skill does not request 'always: true' and does not change other skills' configs, but it explicitly persists local state (.openserv.json and .env) and can create/delete platform resources (examples include a cleanup script with --all). Autonomous invocation is allowed (default), which combined with secret persistence means a compromised or misused agent could act against the platform or leak credentials—this is expected for a client but important to be aware of.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openserv-client - After installation, invoke the skill by name or use
/openserv-client - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.4
- Added a sample environment file: examples/env.example.txt
- Users now have a template for required environment variables to aid in setup and configuration
v1.0.3
fixes
v1.0.2
fixes
v1.0.1
fixes
v1.0.0
openserv-client v1.0.0 initial release:
- Introduces a complete TypeScript client for the OpenServ Platform API.
- Provides simple, idempotent agent provisioning and execution via provision() and run().
- Documents support for agent instance credential binding (v1.1+), trigger/task/workflow management, and API key or wallet-based auth flows.
- Includes type-safe triggers factory, state management utilities, and documented webhook/x402/cron/manual trigger flows.
- Reference materials and full API documentation included for advanced use cases.
- Lists required environment variables and cleanup procedures.
Metadata
Frequently Asked Questions
What is OpenServ Client?
Complete guide to using @openserv-labs/client for managing agents, workflows, triggers, and tasks on the OpenServ Platform. Covers provisioning, authenticati... It is an AI Agent Skill for Claude Code / OpenClaw, with 1145 downloads so far.
How do I install OpenServ Client?
Run "/install openserv-client" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenServ Client free?
Yes, OpenServ Client is completely free (open-source). You can download, install and use it at no cost.
Which platforms does OpenServ Client support?
OpenServ Client is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OpenServ Client?
It is built and maintained by issa-me-sush (@issa-me-sush); the current version is v1.0.4.
More Skills