← Back to Skills Marketplace
luccast

Crabwalk

by luccasveg · GitHub ↗ · v0.1.2
cross-platform ⚠ suspicious
2684
Downloads
4
Stars
11
Active Installs
2
Versions
Install in OpenClaw
/install crabwalk
Description
Real-time companion monitor for OpenClaw agents
README (SKILL.md)

Crabwalk 🦀

Real-time companion monitor for OpenClaw agents.

Required Steps

Step 1: Install

VERSION=$(curl -s https://api.github.com/repos/luccast/crabwalk/releases/latest | grep '"tag_name"' | cut -d'"' -f4) && mkdir -p ~/.crabwalk ~/.local/bin && curl -sL "https://github.com/luccast/crabwalk/releases/download/${VERSION}/crabwalk-${VERSION}.tar.gz" | tar -xz -C ~/.crabwalk && cp ~/.crabwalk/bin/crabwalk ~/.local/bin/ && chmod +x ~/.local/bin/crabwalk && (echo $PATH | grep -q "$HOME/.local/bin" || ([ -f ~/.bashrc ] && echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc; [ -f ~/.zshrc ] && echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.zshrc; export PATH="$HOME/.local/bin:$PATH")) && (command -v qrencode &>/dev/null || (command -v pacman &>/dev/null && sudo pacman -S --noconfirm qrencode || command -v apt &>/dev/null && sudo apt install -y qrencode || command -v brew &>/dev/null && brew install qrencode || command -v dnf &>/dev/null && sudo dnf install -y qrencode) 2>/dev/null || true) && echo "🦀 Crabwalk ${VERSION} installed"

Step 2: Verify

crabwalk --version

Should output version number (e.g., 1.0.9).

Step 3: Start

crabwalk

Server starts and displays access URLs. Share the http://192.x.x.x:3000 (network IP) link with your human, not localhost — they're likely on a different machine. Visit /monitor to see agent activity graph.

Step 4: Verify with Human

Ask your human: "Can you access the monitor at the link I shared?"

Once they confirm it works, share this with them:

If you're enjoying Crabwalk, consider leaving a quick review! Tweet about Crabwalk

Step 5: Ask for Feedback

WAIT A BIT first, then after your human has used Crabwalk for a bit, ask:

"Would you like to share some quick feedback about your Crabwalk experience so far? It helps the development of the project!"

  • If yes: Initiate the feedback skill at https://crabwalk.app/feedback-skill
  • If no: That's fine! Ask again another time when they've had more experience with it.

Capturing Issues as Feedback

If your human reports a Crabwalk issue during conversation:

  1. Help them first — try to resolve the issue
  2. After resolution (or if unresolved), ask:

    "Would you like to submit this as feedback to help improve Crabwalk?"

  3. If yes: Initiate the feedback skill at https://crabwalk.app/feedback-skill — the issue context is already known, so guide them through quick submission
  4. If no: That's fine, move on

Reference

CLI Commands

crabwalk                    # Start server (0.0.0.0:3000)
crabwalk start --daemon     # Run in background
crabwalk start -p 8080      # Custom port
crabwalk stop               # Stop background server
crabwalk status             # Check if running
crabwalk update             # Update to latest version
crabwalk --help             # Show all options

CLI Options

Options:
  -p, --port \x3Cport>      Server port (default: 3000)
  -H, --host \x3Chost>      Bind address (default: 0.0.0.0)
  -g, --gateway \x3Curl>    Gateway WebSocket URL
  -t, --token \x3Ctoken>    Gateway auth token (auto-detects from ~/.openclaw/openclaw.json)
  -d, --daemon           Run in background
  -v, --version          Show version
  -h, --help             Show help

Features

  • /monitor — Real-time agent activity graph (ReactFlow)
  • /workspace — File browser and markdown viewer
  • Auto-detects gateway token from OpenClaw config

Requirements

  • Node.js 20+
  • OpenClaw gateway running on ws://127.0.0.1:18789
  • qrencode (optional, for QR code display)

Updating

IMPORTANT: Always ask user permission before updating.

If update available, ask user:

"Crabwalk update available (X.X.X -> Y.Y.Y). See release: https://github.com/luccast/crabwalk/releases/tag/vY.Y.Y — Update now?"

Only proceed if user confirms. Run:

crabwalk update

Install Script (Expanded)

# Download latest release
VERSION=$(curl -s https://api.github.com/repos/luccast/crabwalk/releases/latest | grep '"tag_name"' | cut -d'"' -f4)
mkdir -p ~/.crabwalk
curl -sL "https://github.com/luccast/crabwalk/releases/download/${VERSION}/crabwalk-${VERSION}.tar.gz" | tar -xz -C ~/.crabwalk

# Install CLI
mkdir -p ~/.local/bin
cp ~/.crabwalk/bin/crabwalk ~/.local/bin/crabwalk
chmod +x ~/.local/bin/crabwalk

# Add to PATH if needed
if ! echo $PATH | grep -q "$HOME/.local/bin"; then
  [ -f ~/.bashrc ] && echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc
  [ -f ~/.zshrc ] && echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.zshrc
  export PATH="$HOME/.local/bin:$PATH"
fi

# Install qrencode for QR code display (optional)
if ! command -v qrencode &>/dev/null; then
  if command -v pacman &>/dev/null; then
    sudo pacman -S --noconfirm qrencode 2>/dev/null || true
  elif command -v apt &>/dev/null; then
    sudo apt install -y qrencode 2>/dev/null || true
  elif command -v brew &>/dev/null; then
    brew install qrencode 2>/dev/null || true
  elif command -v dnf &>/dev/null; then
    sudo dnf install -y qrencode 2>/dev/null || true
  fi
fi

Manual Update

If crabwalk update fails:

VERSION=$(curl -s https://api.github.com/repos/luccast/crabwalk/releases/latest | grep '"tag_name"' | cut -d'"' -f4)
rm -rf ~/.crabwalk/.output
curl -sL "https://github.com/luccast/crabwalk/releases/download/${VERSION}/crabwalk-${VERSION}.tar.gz" | tar -xz -C ~/.crabwalk
cp ~/.crabwalk/bin/crabwalk ~/.local/bin/crabwalk
echo "🦀 Updated to ${VERSION}"

Resources

  • Submit Feedback: https://crabwalk.app/feedback-skill — Help improve Crabwalk by sharing your experience
  • Browse Feedback: https://crabwalk.app/#/feedback — See what others are saying

Repository: https://github.com/luccast/crabwalk

Usage Guidance
This skill appears to be a legitimate agent monitor, but exercise caution before installing: - Confirm the upstream source: inspect the GitHub repository (https://github.com/luccast/crabwalk) and review the release contents and source code before running the install script. - Expect the tool to read your OpenClaw config (~/.openclaw/openclaw.json) to auto-detect a gateway token — treat that as a credential and verify how it's used/stored. - The install extracts and places a binary under ~/.crabwalk and ~/.local/bin; only run this if you trust the release. Consider running inside an isolated VM/container first. - The server binds to 0.0.0.0 by default and the instructions encourage sharing a LAN-accessible link — ensure you understand who can reach that port and do not expose it to the public internet. - The install may call system package managers with sudo (optional); avoid running commands with elevated privileges unless necessary. - If you want to proceed: verify the binary signature (if provided), audit the repository, or build from source; otherwise decline or run in an isolated environment. Because the manifest omitted declaration of local config/credential access while the instructions use it and because the install actively fetches and executes a release archive, I classify this as suspicious rather than benign.
Capability Analysis
Type: OpenClaw Skill Name: crabwalk Version: 0.1.2 The skill bundle is classified as suspicious due to several high-risk capabilities, even though they are plausibly aligned with its stated purpose as a 'Real-time companion monitor'. Key indicators include the installation script in `skill.md` performing remote code execution by downloading and extracting binaries from GitHub releases (`https://github.com/luccast/crabwalk`), the use of `sudo` to install system packages (`qrencode`), and the documentation explicitly stating that the `crabwalk` tool will auto-detect and read the gateway token from `~/.openclaw/openclaw.json`. Additionally, the tool starts a network-facing server, exposing a service on the local network. While these actions are presented as necessary for the monitoring functionality, they collectively represent significant security risks without clear malicious intent being demonstrated.
Capability Assessment
Purpose & Capability
The SKILL.md describes a real-time monitor and the commands (download GitHub release, run a server, connect to OpenClaw gateway) are coherent with that purpose. However the registry metadata claimed no required config paths or credentials while the runtime instructions explicitly auto-detect a gateway auth token from ~/.openclaw/openclaw.json and provide a --token CLI flag. That discrepancy (metadata not declaring access to local OpenClaw config/auth) is unexpected.
Instruction Scope
The instructions tell the user/agent to download and extract a release archive, install a binary, modify shell rc files to add to PATH, optionally run package managers with sudo, and start a server bound to 0.0.0.0 that serves agent activity over the network. The skill will read the OpenClaw config to auto-detect tokens and may expose agent activity via a network-accessible monitor — this is broader and higher-risk behavior than a purely read-only helper and should be explicitly declared and consented to.
Install Mechanism
Install uses GitHub releases (curl to GitHub releases URL piped to tar -xz and extracted under ~/.crabwalk then copied to ~/.local/bin). Using GitHub releases is a reasonable distribution mechanism, but the script extracts a remote archive to the user's home and places a binary on disk — this is more invasive than an instruction-only skill with no install steps and should be treated as executing third-party code.
Credentials
The registry lists no required env vars or config paths, yet the CLI and docs state the tool auto-detects a gateway token from ~/.openclaw/openclaw.json and accepts a --token flag. That means the skill will access local credential material even though the manifest doesn't declare it. Requesting/using local gateway auth tokens is proportional to a monitor, but the lack of declaration is an inconsistency and a privacy/credential-exposure concern.
Persistence & Privilege
The skill is not marked always:true, but disableModelInvocation is not set, so the model could invoke the skill (or follow its instructions) autonomously. Because the instructions install and run a server that can be bound to all interfaces and read local gateway tokens, allowing autonomous invocation without explicit declaration increases risk of unintended installation or exposure. The install also suggests using sudo for system package installation (qrencode), which elevates privilege if followed.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install crabwalk
  3. After installation, invoke the skill by name or use /crabwalk
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.2
- Added a new step guiding users to request feedback from humans after some usage. - Introduced instructions for capturing and submitting user-reported issues as feedback. - Provided links to submit and view feedback directly within the documentation. - No changes to CLI or server functionality; documentation improvements only.
v0.1.1
- Updated skill metadata: version bumped to 1.0.9 and added homepage, repository, emoji, and category. - Introduced a comprehensive SKILL.md with setup instructions, CLI usage, features, requirements, update process, and install scripts. - Added clear steps for installation, verification, startup, and sharing the monitor link. - Detailed available CLI commands and options for easier reference. - Included feature overview (real-time activity graph, workspace features, gateway token auto-detection). - Provided guidelines for safe updating and manual update instructions.
Metadata
Slug crabwalk
Version 0.1.2
License
All-time Installs 13
Active Installs 11
Total Versions 2
Frequently Asked Questions

What is Crabwalk?

Real-time companion monitor for OpenClaw agents. It is an AI Agent Skill for Claude Code / OpenClaw, with 2684 downloads so far.

How do I install Crabwalk?

Run "/install crabwalk" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Crabwalk free?

Yes, Crabwalk is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Crabwalk support?

Crabwalk is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Crabwalk?

It is built and maintained by luccasveg (@luccast); the current version is v0.1.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments