← Back to Skills Marketplace

Zanna Aperta

Name: Zanna Aperta
Author: raidone632-create

by raidone632-create · GitHub ↗ · v3.4.0 · MIT-0

cross-platform ⚠ suspicious

143

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install zanna-aperta

Description

MCP Bridge completo per OpenClaw con 45 tool per agenti, workspace, progetti, cron, browser, canvas, nodes, messaging, gateway, Ollama e ClawX

Usage Guidance

This skill appears coherent for a local MCP/OpenClaw bridge, but it executes local commands and reads/writes your OpenClaw workspace. Before installing: (1) review the included zanna-aperta.py yourself (it will run with your user permissions); (2) ensure no sensitive credentials or secrets are stored under the configured workspace path; (3) be aware it can create/delete workspaces, invoke OpenClaw tools, and interact with local services (Ollama on localhost and ClawX); (4) run it in a test or isolated environment if you want to limit risk; and (5) verify the openclaw binary and any local services it talks to are trusted. If you want extra assurance, ask for a full line-by-line review of the Python file (the provided snippet is large) or run the skill with a read-only workspace copy first.

Capability Analysis

Type: OpenClaw Skill Name: zanna-aperta Version: 3.4.0 The skill bundle provides an extensive MCP bridge with high-privilege capabilities, including arbitrary Docker and Git command execution (exec_docker, exec_git), remote camera access (nodes_camera_snap), and JavaScript evaluation (canvas_eval). While these tools align with the stated purpose of managing an OpenClaw environment, the implementation of exec_docker and exec_git in zanna-aperta.py is highly vulnerable to command injection as it passes unsanitized user input directly to subprocess.run via string splitting. The broad access to system resources and connected devices, combined with weak input validation, presents a significant security risk.

Capability Tags

crypto

Capability Assessment

✓ Purpose & Capability

Name/description claim (MCP Bridge for OpenClaw exposing many tools) matches the code and SKILL.md: the script runs an OpenClaw CLI (OPENCLAW_BIN), manipulates workspace directories, and implements the listed tool handlers (agents, workspace, projects, cron, browser, exec, Ollama, ClawX, etc.). Nothing required by the code (workspace access, openclaw binary, optional local Ollama/ClawX) is out of scope for a bridge tool.

✓ Instruction Scope

SKILL.md instructs adding the Python script to ~/.openfang/settings.json and to set OPENCLAW_WORKSPACE/OPENCLAW_BIN — the script reads/writes workspace files and uses the OpenClaw CLI. The instructions do not ask for unrelated files, secrets, or external endpoints beyond optional local services (ollama on localhost and ClawX path). The code does perform filesystem I/O within the workspace and spawns OpenClaw/other local commands, which is expected behavior for this functionality.

✓ Install Mechanism

There is no external install spec or network download; the skill is instruction-only and ships a Python file. Installation consists of placing and running the included script in the user's OpenClaw skills path — no remote archives or third‑party package installs are performed by the skill itself.

✓ Credentials

The skill requests no credentials and the only environment/config it uses (OPENCLAW_WORKSPACE, OPENCLAW_BIN) is directly relevant to its purpose. It will read and write files in the workspace directories it manages; this file access is proportionate to a workspace/agent management bridge but users should note any secrets stored in those directories could be accessed.

✓ Persistence & Privilege

always is false and model invocation is allowed (platform default). The skill does not request permanent platform-level privileges or modify other skills' configurations. It will create, update, and delete files under the configured workspace and may start/stop local services (ClawX) which is consistent with its role.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install zanna-aperta
After installation, invoke the skill by name or use /zanna-aperta
Provide required inputs per the skill's parameter spec and get structured output

Version History

v3.4.0

Aggiunti 4 tool ClawX per controllo interfaccia desktop OpenClaw - 45 tool totali

v3.3.0

MCP Bridge completo per OpenClaw con 41 tool per agenti, workspace, progetti, cron, browser, canvas, nodes, messaging, gateway e Ollama

Metadata

Slug zanna-aperta

Version 3.4.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is Zanna Aperta?

MCP Bridge completo per OpenClaw con 45 tool per agenti, workspace, progetti, cron, browser, canvas, nodes, messaging, gateway, Ollama e ClawX. It is an AI Agent Skill for Claude Code / OpenClaw, with 143 downloads so far.

How do I install Zanna Aperta?

Run "/install zanna-aperta" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Zanna Aperta free?

Yes, Zanna Aperta is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Zanna Aperta support?

Zanna Aperta is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Zanna Aperta?

It is built and maintained by raidone632-create (@raidone632-create); the current version is v3.4.0.

More Skills