← Back to Skills Marketplace
Vestaboard
by
SeidProjects
· GitHub ↗
· v1.0.0
1819
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install vestaboard
Description
Read and write messages on a Vestaboard using the Vestaboard Cloud API (cloud.vestaboard.com) and optional legacy RW endpoint. Use when asked to display text on a Vestaboard, update a sign/board, show a short status message, render simple pixel-art using color/filled character codes, or retrieve the current board message.
Usage Guidance
This skill appears to be what it says (a Vestaboard client) and its code is readable. However: (1) the registry metadata incorrectly shows no required environment variables — in reality you must provide VESTABOARD_TOKEN (or legacy VESTABOARD_RW_KEY) and optionally VESTABOARD_API_BASE; verify and supply those securely (do not commit them). (2) Review scripts/vb.js and ENV.md yourself before running npm install. (3) Ensure your node runtime meets the undici requirement (Node >= 20.18.1). (4) If you enable autonomous invocation for an agent, be aware the agent could call the Vestaboard API whenever the skill is invoked; only grant the token to agents you trust. If the metadata omission is accidental, request the publisher update the registry entry to declare the required credentials before installing.
Capability Analysis
Type: OpenClaw Skill
Name: vestaboard
Version: 1.0.0
The skill is suspicious due to a risky capability in `scripts/vb.js`. The `vbWriteLayout` function reads a file path directly from command-line arguments using `readFileSync`. While intended for Vestaboard layout files, this allows an AI agent (if compromised via prompt injection) to be instructed to read arbitrary local files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) and attempt to send their content to the Vestaboard API endpoint (cloud.vestaboard.com). This presents a potential data exfiltration vector, even though the skill itself does not exhibit clear malicious intent.
Capability Assessment
Purpose & Capability
The name/description, SKILL.md, ENV.md, and scripts/vb.js all align: this skill reads and writes a Vestaboard via cloud.vestaboard.com (or legacy RW endpoint) and supports text or numeric layouts. The included preview/layout files and character-code reference are appropriate for the stated purpose.
Instruction Scope
Runtime instructions are confined to formatting text, reading local layout files, and making HTTP GET/POST calls to the Vestaboard API base. The SKILL.md and scripts only reference the declared Vestaboard endpoints and local content files; there is no unrelated file-system or network activity, no obfuscated endpoints, and no broad data collection.
Install Mechanism
This is instruction-plus-code (no install spec). The package.json requires the 'undici' npm package and SKILL.md suggests running 'npm install' — a standard npm dependency install. There are no downloads from arbitrary URLs or archive extraction. Note: undici package requires Node >=20.18.1 per package-lock.json; ensure your environment meets that.
Credentials
The skill requires secrets at runtime (VESTABOARD_TOKEN preferred; VESTABOARD_RW_KEY legacy; optional VESTABOARD_API_BASE) as shown in SKILL.md and ENV.md, but the registry metadata lists no required environment variables or primary credential. That metadata omission is an inconsistency — the skill does need credentials to operate and these should be declared in the registry entry.
Persistence & Privilege
The skill does not request permanent presence (always: false), does not modify other skills or system-wide settings, and has no special config-path requirements. Allowing autonomous invocation is the platform default; the skill itself does not request elevated persistence.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install vestaboard - After installation, invoke the skill by name or use
/vestaboard - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the Vestaboard skill.
- Read and write messages to a Vestaboard using the Vestaboard Cloud API or legacy RW endpoint.
- Supports displaying text, updating messages, showing short status, simple color pixel-art, and reading current board state.
- Requires secure token via environment variables (`VESTABOARD_TOKEN`, optional legacy `VESTABOARD_RW_KEY`).
- Automatically formats text input for Vestaboard’s 6x22 layout (uppercase, word wrap, truncates overflow).
- Includes CLI tools for previewing, reading, and writing board content.
Metadata
Frequently Asked Questions
What is Vestaboard?
Read and write messages on a Vestaboard using the Vestaboard Cloud API (cloud.vestaboard.com) and optional legacy RW endpoint. Use when asked to display text on a Vestaboard, update a sign/board, show a short status message, render simple pixel-art using color/filled character codes, or retrieve the current board message. It is an AI Agent Skill for Claude Code / OpenClaw, with 1819 downloads so far.
How do I install Vestaboard?
Run "/install vestaboard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Vestaboard free?
Yes, Vestaboard is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Vestaboard support?
Vestaboard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Vestaboard?
It is built and maintained by SeidProjects (@seidprojects); the current version is v1.0.0.
More Skills