OmniPermission (Human-in-the-Loop)

by tobiasyouki · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
296 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install omnipermission
Description
Human-in-the-loop: A free, extensible framework for intercepting tool calls via the OmniPersona mobile app.
Usage Guidance
This plugin does what it claims (it intercepts tool calls and asks a mobile app for approval), but you should verify a few things before installing:
  1. Confirm the backend domain (backend.ecrop.de) and the mobile app publisher are trustworthy and match the project you expect (the README links to GitHub/Apple/Play but the backend host is a different domain).
  2. Understand that your OmniPersona secret key is stored in plaintext under the plugin state directory — treat it like a sensitive credential and ensure proper filesystem permissions/backups.
  3. If you allow agents CLI access, they could change the plugin's blacklist or disable protections; run agents in a restricted environment if you need strong guarantees.
  4. If you fork or modify the plugin to include richer context (agent reasoning, project IDs), be aware that this increases the data sent to the external backend.
If you need higher assurance, ask the maintainer for an audit of the backend service, run the plugin against a local or self-hosted backend, or review the mobile app's privacy/security posture before entering your key.
Capability Analysis
Type: OpenClaw Skill
Name: omnipermission
Version: 1.0.2
The OmniPermission plugin is a legitimate security tool designed to provide human-in-the-loop governance for OpenClaw agents. It intercepts blacklisted tool calls via the 'before_tool_call' hook and requires manual approval through a mobile app (OmniPersona). The code handles a user-provided secret key and communicates with a dedicated backend (backend.ecrop.de) to facilitate push notifications, which is consistent with its stated purpose. No evidence of malicious intent, data exfiltration beyond the necessary service communication, or obfuscation was found.
Capability Assessment
Purpose & Capability
The name/description match the code: the plugin intercepts before_tool_call events, checks a user-configured blacklist, and requests mobile approval. Requesting and storing a secret key and contacting a backend for approval is consistent with a mobile push-approval flow. Minor mismatch: the README and SKILL.md reference a GitHub project and app store listing, but the backend host used in code is backend.ecrop.de / backend.dev.ecrop.de (a domain not documented elsewhere in the repo), which reduces verifiability.
Instruction Scope
Runtime instructions and code limit themselves to intercepting tool calls and sending a small approval payload to the backend. The SKILL.md explicitly instructs users to install the mobile app and paste a secret key. The code does not read other files or agent internals, but the README/SKILL.md encourage forking the plugin to include richer agent context (e.g., internal reasoning or project IDs), which would increase data exposure if implemented. The currently shipped code, however, sends only a tool name and a generic message.
Install Mechanism
This is an instruction-and-code plugin with no external install script or binary downloads. There is no install spec that pulls code from arbitrary URLs; the code is shipped in the bundle. This lowers install-chain risk compared to remote downloads.
Credentials
No environment variables are requested, which is appropriate. However, the plugin requires a 'Secret Key' entered by the user and stores it as plain text in state/omni_key.txt. That secret grants the backend the ability to correlate approvals to your installation; storing it unencrypted in plugin state increases risk (other local processes, backups, or misconfigured permissions could expose it). Also the plugin contacts external backend domains (production and dev), and the dev backend can be enabled by the user — using a dev backend may expose data to an alternate server.
Persistence & Privilege
The plugin registers gateway hooks and will intercept requests when enabled (this is expected for a gateway plugin). It is good that always:false is set and that there is no attempt to modify other plugins or system-wide settings. However, the SKILL.md highlights an 'Agent-Managed' mode where an agent with CLI access could change the blacklist or clear protections; that risk depends on how you run agents and whether they have access to the openclaw CLI.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install omnipermission
  3. After installation, invoke the skill by name or use /omnipermission
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Initial public release
Metadata
Slug omnipermission
Version 1.0.2
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is OmniPermission (Human-in-the-Loop)?

Human-in-the-loop: A free, extensible framework for intercepting tool calls via the OmniPersona mobile app. It is an AI Agent Skill for Claude Code / OpenClaw, with 296 downloads so far.

How do I install OmniPermission (Human-in-the-Loop)?

Run "/install omnipermission" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is OmniPermission (Human-in-the-Loop) free?

Yes, OmniPermission (Human-in-the-Loop) is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does OmniPermission (Human-in-the-Loop) support?

OmniPermission (Human-in-the-Loop) is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created OmniPermission (Human-in-the-Loop)?

It is built and maintained by tobiasyouki (@tobiasyouki); the current version is v1.0.2.
