← Back to Skills Marketplace
102
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install paperclip-resilience
Description
Production resilience patterns for Paperclip AI agent orchestration. Spawn-with-fallback, model rotation, run recovery, blocker routing, and task injection —...
Usage Guidance
What to check before installing / running this skill:
- Credentials: The skill needs Paperclip API credentials (PAPERCLIP_API_URL, PAPERCLIP_API_KEY, PAPERCLIP_COMPANY_ID, etc.) and at least one or two LLM provider API keys for fallback behavior. The registry metadata did not list these env vars — do not assume none are required. Provide least-privilege keys and use scoped API tokens where possible.
- Config review: Inspect config.json (and config.example.json) before use. The skill will read/write files under your home directory (defaults: ~/.openclaw/*, ~/.openclaw/model-rotation-state.json, optional Tasks.md and Journal files). Make sure paths and fallbacks point to providers you control.
- File access & privacy: Blocker-routing scans session transcripts and may read markdown files referenced in agent outputs; if you enable webhook routing, these findings could be POSTed to an external URL. Ensure webhook endpoints are trusted and consider disabling webhook routing if unsure.
- Network endpoints: paperclip-issue-gate and run-recovery call the Paperclip API (PAPERCLIP_API_URL). Confirm the API_URL and keys are correct and limited. Review where any configured webhook URLs point before enabling them.
- State persistence: model-rotation stores state in a JSON file by default (~/.openclaw). If you need ephemeral operation, change statePath or run with an isolated account/container.
- Test in isolation: Run the provided tests and dry-run flags (e.g., --dry-run) in a safe environment to observe behavior before scheduling cron jobs. Prefer using --no-write or mocks for API calls when validating.
- Audit and mitigate: Because the registry omitted required env vars, treat this package as having incomplete metadata. If you will deploy it in production, request the author/maintainer clarify the declared required environment variables and consider running it in an isolated runtime with scoped credentials.
If you want, I can list all env vars and file paths referenced by the code and suggest minimal scoping for credentials and filesystem locations.
Capability Analysis
Type: OpenClaw Skill
Name: paperclip-resilience
Version: 1.1.0
The paperclip-resilience skill bundle provides a suite of tools for managing AI agent reliability, including model fallback, run recovery, and task enrichment. The code demonstrates a high level of security awareness, featuring extensive input validation and path sanitization in `src/spawn-with-fallback.js` to prevent path traversal and command injection. It uses `execFile` for process execution and implements a comprehensive security test suite (`tests/test-security.js`) and a self-documented audit report (`SECURITY-AUDIT-REPORT.md`). The interactions with the Paperclip API and local filesystem are consistent with the stated purpose of agent orchestration and resilience.
Capability Assessment
Purpose & Capability
The modules (spawn-with-fallback, run-recovery, model-rotation, blocker-routing, task-injection) align with the skill description: they orchestrate Paperclip + OpenClaw runs, rotate models, and detect/recover failures. However, the skill requires Paperclip API credentials and provider API keys (documented in SKILL.md and present in code) but the registry metadata declares no required environment variables — that's an inconsistency.
Instruction Scope
SKILL.md instructs running node scripts that call OpenClaw/ Paperclip endpoints and read config.json. The included code goes further: it queries Paperclip APIs, may create issues, scans session transcripts under ~/.openclaw, reads referenced Tasks/Journal/Project board markdown files, writes state to ~/.openclaw/model-rotation-state.json, and can POST to configurable webhooks. Those behaviors are within the stated resilience purpose but broaden the runtime surface (local home-directory file access + network requests to configurable endpoints).
Install Mechanism
No installation/download step is present (instruction-only installation via clawhub). No external binary downloads or package installs are required by package.json — low install mechanism risk.
Credentials
The code expects several environment variables (e.g., PAPERCLIP_API_URL, PAPERCLIP_API_KEY, PAPERCLIP_COMPANY_ID, PAPERCLIP_AGENT_ID, PAPERCLIP_PROJECT_ID, PAPERCLIP_RESILIENCE_CONFIG, optional BLOCKER_* env vars), and SKILL.md warns that multiple LLM provider API keys must be configured. Yet the registry metadata lists no required env vars. This is a mismap: the skill legitimately needs sensitive credentials (Paperclip API key and provider keys) but the manifest doesn't declare them, which can mislead operators about the privileges the skill will use.
Persistence & Privilege
The skill is not always-enabled and uses normal autonomous invocation defaults. It persists state and logs under the user's home (~/.openclaw and configured paths) and writes config/state files (model-rotation state, potential blockers journal, config.json). This is expected for an orchestration tool but means it will create and read persistent files in user home and therefore should be run with appropriate permissions and file-path review.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install paperclip-resilience - After installation, invoke the skill by name or use
/paperclip-resilience - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Add interactive setup wizard (scripts/setup.js) and architecture documentation (docs/architecture.md)
v1.0.0
Initial OSS release: spawn-with-fallback, model-rotation, run-recovery, blocker-routing, task-injection. Security-audited for ClawHub publication (SUP-453).
Metadata
Frequently Asked Questions
What is Paperclip Resilience?
Production resilience patterns for Paperclip AI agent orchestration. Spawn-with-fallback, model rotation, run recovery, blocker routing, and task injection —... It is an AI Agent Skill for Claude Code / OpenClaw, with 102 downloads so far.
How do I install Paperclip Resilience?
Run "/install paperclip-resilience" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Paperclip Resilience free?
Yes, Paperclip Resilience is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Paperclip Resilience support?
Paperclip Resilience is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Paperclip Resilience?
It is built and maintained by levineam (@levineam); the current version is v1.1.0.
More Skills