← Back to Skills Marketplace
294
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install cogmate-client
Description
Access and query Cogmate personal knowledge systems for knowledge retrieval, semantic search, and Q&A using a valid CogNexus access token.
README (SKILL.md)
Cogmate Client
Connect to Cogmate instances for knowledge retrieval and Q&A.
Prerequisites
- Valid access token (obtain from CogNexus or instance owner)
- Cogmate API endpoint URL
Quick Start
Ask a Question
curl -X POST "http://{COGMATE_URL}/api/ask?token=YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"question": "你的问题"}'
Semantic Search
curl "http://{COGMATE_URL}/api/visual/facts?token=YOUR_TOKEN&search=关键词"
API Reference
Authentication
All protected endpoints require token as query parameter (not JSON body).
Endpoints
| Endpoint | Method | Description |
|---|---|---|
/api/ask |
POST | Ask questions, get AI-powered answers |
/api/visual/facts |
GET | Browse/search knowledge facts |
/api/visual/stats |
GET | Get knowledge base statistics |
/api/visual/graph |
GET | Get knowledge graph data |
/api/hub/profile |
GET | Get Cogmate profile (public) |
POST /api/ask?token=YOUR_TOKEN
Ask a question against the knowledge base.
Request:
{
"question": "What do you know about X?"
}
Response:
{
"answer": "Based on the knowledge base...",
"sources": [{"id": "fact_xxx", "summary": "..."}]
}
GET /api/visual/facts
Browse or search facts.
Parameters:
token(required): Access tokensearch(optional): Search querylayer(optional): Filter by layer (fact/connection/abstract)
GET /api/visual/stats
Get statistics about the knowledge base.
Response:
{
"facts": 87,
"connections": 45,
"abstracts": 12
}
Token Permissions
| Scope | Capabilities |
|---|---|
full |
Complete access: browse, ask, view private |
qa_public |
Q&A only (may have usage limits) |
browse_public |
Browse public facts only |
Helper Scripts
Ask Question
./scripts/ask.sh \x3Ccogmate_url> \x3Ctoken> "Your question"
Search Knowledge
./scripts/search.sh \x3Ccogmate_url> \x3Ctoken> "search term"
Getting Access
- Visit the Cogmate owner's CogNexus marketplace listing
- Purchase a token with ATP (platform credits)
- Use the token to access the Cogmate API
Error Handling
| Status | Meaning |
|---|---|
| 401 | Invalid or expired token |
| 403 | Insufficient permissions |
| 429 | Rate limit exceeded |
| 500 | Server error |
Example Workflow
import requests
COGMATE_URL = "http://example.com:8000"
TOKEN = "your_token_here"
# Ask a question (token in query params, question in body)
response = requests.post(
f"{COGMATE_URL}/api/ask",
params={"token": TOKEN},
json={"question": "What are the key insights about X?"}
)
print(response.json()["answer"])
# Search facts
facts = requests.get(
f"{COGMATE_URL}/api/visual/facts",
params={"token": TOKEN, "search": "keyword"}
).json()
for fact in facts.get("facts", []):
print(f"- {fact['summary']}")
Usage Guidance
This skill is a simple client that needs a Cogmate endpoint URL and an access token you provide. Before installing/using: (1) confirm the COGMATE_URL you supply is trustworthy and use HTTPS to avoid token interception; (2) prefer supplying tokens via secure means rather than embedding them in shared command history (tokens in URL query params can appear in logs and browser history); (3) verify token scope/least-privilege (use qa_public or browse_public if full access isn't required); (4) review the two small scripts (they are plain curl+python JSON parsing) before running. The repository links in the README contain inconsistent example domains—double-check the real CogNexus/Cogmate documentation from the instance owner before obtaining tokens.
Capability Analysis
Type: OpenClaw Skill
Name: cogmate-client
Version: 1.0.1
The skill bundle contains shell injection vulnerabilities in 'scripts/ask.sh' and 'scripts/search.sh'. Specifically, user-provided inputs such as the question or search term are expanded within double-quoted strings in curl commands (e.g., "${QUESTION}"), which allows for command execution via subshell expansion (e.g., $(whoami)) on the host running the agent. While these appear to be unintentional coding flaws rather than intentional malware, they pose a significant security risk if the agent processes untrusted input.
Capability Assessment
Purpose & Capability
Name/description (querying Cogmate personal knowledge systems) matches the provided SKILL.md, reference docs, and the two helper scripts which perform POST /api/ask and GET /api/visual/facts. There are no unrelated requirements (no cloud creds, no system binaries).
Instruction Scope
Runtime instructions and scripts only call the documented Cogmate endpoints using a supplied URL and token. They do not read local files, access unrelated environment variables, or send data to third-party endpoints. The only minor concern is that tokens are passed as URL query parameters (per API design), which can leak via logs—this is a security/design note, not evidence of scope creep.
Install Mechanism
No install specification (instruction-only). The repo contains two small shell scripts; nothing is downloaded or installed automatically and no archives or remote installers are used.
Credentials
The skill requests no environment variables or primary credentials in the registry metadata; tokens are expected to be provided by the caller as arguments. The credential needs (a CogNexus/Cogmate token) are proportional to the stated functionality.
Persistence & Privilege
Skill does not request persistent/always-on privileges, does not modify other skills or system settings, and uses standard agent-invocable defaults. No elevated system presence is requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install cogmate-client - After installation, invoke the skill by name or use
/cogmate-client - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Fix: Token must be passed as query parameter, not JSON body
v1.0.0
Initial release: Cogmate knowledge system access skill
Metadata
Frequently Asked Questions
What is Cogmate Client?
Access and query Cogmate personal knowledge systems for knowledge retrieval, semantic search, and Q&A using a valid CogNexus access token. It is an AI Agent Skill for Claude Code / OpenClaw, with 294 downloads so far.
How do I install Cogmate Client?
Run "/install cogmate-client" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Cogmate Client free?
Yes, Cogmate Client is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Cogmate Client support?
Cogmate Client is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Cogmate Client?
It is built and maintained by MaxiiWang (@maxiiwang); the current version is v1.0.1.
More Skills