← Back to Skills Marketplace
sandrokitchener

Claw Quest Connect

by sandrokitchener · GitHub ↗ · v0.1.3 · MIT-0
win32linuxdarwin ⚠ suspicious
111
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install clawquest-connect
Description
Use when the user wants to connect Claw Quest Android to this OpenClaw gateway with the manual URL+token flow, send those details over WhatsApp, and optional...
README (SKILL.md)

ClawQuest Connect

Use this skill when the user asks to:

  • connect Claw Quest
  • send Claw Quest mobile connection details
  • pair Claw Quest Android with this gateway
  • approve the next Claw Quest Android pairing request

This skill is intentionally based on the manual setup flow.

Do not default to QR codes or setup codes. Do not invent a Claw Quest-specific token format.

Connection policy

The preferred Claw Quest flow is:

  1. Resolve the current public Gateway WebSocket URL.
  2. Resolve the current shared gateway auth token or password.
  3. Send those details to the user in a single copy/paste-friendly WhatsApp message when WhatsApp is configured.
  4. Tell the user you are doing that.
  5. Watch for the next matching Claw Quest Android pairing request and approve it once.

If WhatsApp is not configured, say so plainly and provide the same details in chat.

What to inspect first

Run these read-only checks first:

openclaw config get gateway.auth.mode
openclaw config get gateway.remote.url
openclaw plugins inspect device-pair

Also inspect whichever auth secret matches the configured auth mode:

Token mode:

openclaw config get gateway.auth.token

Password mode:

openclaw config get gateway.auth.password

Interpretation:

  • Prefer gateway.remote.url as the public wss://... address for Claw Quest.
  • If gateway.remote.url is missing, explain that the public URL must be supplied or configured before Claw Quest manual setup will be smooth.
  • If gateway.auth.mode is token, send the gateway token.
  • If gateway.auth.mode is password, send the gateway password instead and label it clearly.
  • If the device-pair plugin is disabled, say so clearly because pairing help may be unavailable or limited until it is enabled.

WhatsApp handoff

If outbound WhatsApp messaging is configured on this host, always send the connection details there after resolving them.

Tell the user explicitly:

  • that you are sending the connection details over WhatsApp
  • that this is to make mobile copy/paste easier
  • that they should use Manual Setup inside Claw Quest Android

Send a single compact message containing only:

  • Gateway URL: \x3Cwss://...>
  • Gateway token: \x3Ctoken> or Gateway password: \x3Cpassword>
  • Use Claw Quest Android -> Manual Setup

Do not add extra formatting that makes mobile copy/paste harder.

If WhatsApp sending fails or is unavailable:

  • say so plainly
  • provide the same three lines in chat instead

Pairing watch-and-approve

When the user asks to connect Claw Quest, you may automatically approve the next matching Android pairing request one time.

Start a short watch loop:

openclaw devices list --json

Poll every 3 seconds for up to 2 minutes.

Approve only the first pending request that matches Claw Quest Android as closely as possible:

  • displayName: Claw Quest Android
  • platform: android
  • clientId: gateway-client
  • clientMode: backend
  • requested role operator
  • requested scopes include operator.read and operator.write

Approve it with:

openclaw devices approve \x3CrequestId>

Then immediately confirm with:

openclaw devices list --json

Tell the user whether approval succeeded and whether the paired device now shows:

  • role operator
  • scopes operator.read and operator.write

Stop after one approval. Do not auto-approve unrelated requests.

What to tell the user

When helping the user connect, be direct:

  • say which public Gateway URL you are using
  • say whether you are sending the token or password
  • say that Claw Quest should use Manual Setup
  • say that you are watching for and approving the next Android pairing request once

If connection still fails even with the correct manual token:

  • inspect openclaw devices list --json
  • explain whether the phone ever reached the pending-pairing stage
  • distinguish auth failed before pairing from pairing pending approval

Safety rules

  • Never claim this skill can bypass gateway auth policy.
  • Never approve a non-matching device as Claw Quest Android.
  • Never rotate or remove device credentials unless the user explicitly asks.
  • Never expose any secrets beyond the current gateway URL plus the one auth value needed for manual setup.
Usage Guidance
This skill appears to do what it says (use openclaw to fetch the gateway URL and the single auth value required for manual setup) but it will read and transmit that secret and may auto-approve a pairing. Before installing or running it: 1) Confirm who the WhatsApp recipient will be and require explicit user confirmation before sending any token/password; 2) Prefer showing the secret in chat and letting the user paste it unless they explicitly request WhatsApp handoff; 3) Require an explicit confirmation step before approving any pairing request; 4) Verify the device-pair plugin is enabled and check audit logs after pairing; 5) Consider rotating the token/password after pairing if exposure is a concern. If you need stricter controls (e.g., never send secrets to external services automatically), ask the skill author to add explicit recipient selection and a confirmation prompt in the SKILL.md.
Capability Analysis
Type: OpenClaw Skill Name: clawquest-connect Version: 0.1.3 The skill is designed to retrieve and transmit the gateway's primary authentication secrets (token or password) and automate the approval of new device pairing requests with 'operator.write' permissions. While these actions are aligned with the stated goal of connecting the 'Claw Quest' mobile app, the use of spoofable metadata (e.g., displayName, clientId) to auto-approve administrative-level access and the handling of raw credentials in SKILL.md represent significant security risks.
Capability Assessment
Purpose & Capability
The skill requires the 'openclaw' binary and the SKILL.md only invokes openclaw commands (config get, plugins inspect, devices list/approve). Those requirements align with the described purpose of retrieving gateway URL/token/password and managing device pairing.
Instruction Scope
Instructions tell the agent to read local gateway secrets (gateway.auth.token or gateway.auth.password) and to always send them via WhatsApp if outbound WhatsApp is configured. The skill does not specify how the WhatsApp recipient is selected or require explicit user confirmation before transmitting secrets. It also permits automatically approving the next matching pairing request without an explicit final confirmation. These behaviors can lead to inadvertent secret disclosure or unintended approvals.
Install Mechanism
Instruction-only skill with no install steps or external downloads; this is low risk and consistent with the metadata.
Credentials
The skill declares no environment variables, which is consistent, but it does read sensitive local configuration values (gateway.auth.token/password) via openclaw. Reading and transmitting one auth value is proportionate to a manual-setup flow, but it is sensitive and should be explicitly consented to and targeted only to a confirmed recipient.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent system-wide privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other privilege red flags.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clawquest-connect
  3. After installation, invoke the skill by name or use /clawquest-connect
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.3
**Switched Claw Quest connection to manual URL+token flow with WhatsApp handoff and limited auto-approve.** - Uses the manual gateway URL and token/password for Claw Quest Android pairing, not QR/setup code. - Attempts to send connection details via WhatsApp for easier mobile copy/paste; falls back to chat if unavailable. - Provides clear instructions for manual setup in Claw Quest Android. - Offers an optional, one-time, watch-and-approve flow for the next matching Android pairing request. - Includes improved checks for gateway config and device-pair plugin status. - Restricts secret exposure to only the needed URL and token/password for pairing.
v0.1.2
- Added explicit dependency rules: the openclaw CLI must be available on PATH. - Clarified that device approval, rotation, or removal commands (`approve`, `rotate`, `remove`) require explicit user consent in the current conversation. - Updated metadata to declare openclaw binary as a required dependency. - Strengthened safety/responsibility language about not changing device authorization state without active user approval. - No code or implementation changes; documentation clarifies safe/default behaviors.
v0.1.1
- Added clear instructions for connecting the Claw Quest Android app to OpenClaw gateway using official QR and setup code. - Skill now describes steps for generating, copying, and scanning the official setup code, prioritizing remote gateway URL when available. - Outlines conditions and process for approving Claw Quest Android pairing requests, including strict device matching and approval flow. - Includes procedures for troubleshooting and repairing Claw Quest–gateway pairing issues, with detailed CLI command usage. - Enforces strict safety rules to prevent exposing sensitive information or approving non-matching devices.
Metadata
Slug clawquest-connect
Version 0.1.3
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is Claw Quest Connect?

Use when the user wants to connect Claw Quest Android to this OpenClaw gateway with the manual URL+token flow, send those details over WhatsApp, and optional... It is an AI Agent Skill for Claude Code / OpenClaw, with 111 downloads so far.

How do I install Claw Quest Connect?

Run "/install clawquest-connect" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Claw Quest Connect free?

Yes, Claw Quest Connect is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Claw Quest Connect support?

Claw Quest Connect is cross-platform and runs anywhere OpenClaw / Claude Code is available (win32, linux, darwin).

Who created Claw Quest Connect?

It is built and maintained by sandrokitchener (@sandrokitchener); the current version is v0.1.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments