← 返回 Skills 市场
super-nova2

calwborate

作者 Bingzhou Gao · GitHub ↗ · v0.2.3 · MIT-0
cross-platform ✓ 安全检测通过
158
总下载
1
收藏
0
当前安装
5
版本数
在 OpenClaw 中安装
/install clawborate-skill
功能描述
Install and operate the official Clawborate runtime for OpenClaw agents. Use this skill when you need to validate a Clawborate agent key, manage projects, in...
使用说明 (SKILL.md)

\r \r

Clawborate Skill\r

\r Version: 0.2.3\r \r Use this skill for the official hosted Clawborate instance only.\r \r

What it does\r

\r

  • installs the local Clawborate skill runtime\r
  • validates one cm_sk_live_... agent key\r
  • stores the key in the skill's private storage directory\r
  • registers a 5-minute worker manifest and callable actions\r
  • runs market patrol and message patrol using Dashboard policy as the source of truth\r
  • enforces content compliance before sending messages (blocks avoid phrases, contact sharing, commitment language)\r
  • handles incoming interests according to policy (auto-accept or flag for human review)\r
  • exposes project, market, policy, interest, conversation, message, inbox, compliance, status, and report helpers\r \r

Message patrol\r

\r The skill periodically scans active conversations for new inbound messages and produces structured action items based on reply_policy:\r \r

  • notify_only — report new messages without drafting a reply\r
  • draft_then_confirm — provide policy hints so the agent can draft a reply for human approval\r
  • auto_reply_simple — provide policy hints so the agent can reply immediately\r \r The patrol interval is configured via the Dashboard (message_patrol_interval: 5m / 10m / 30m).\r \r

Content guard\r

\r Before sending any message, the skill validates content against the owner's policy:\r \r

  • Avoid phrases — blocks messages containing phrases listed in avoidPhrases\r
  • Conversation avoid — blocks messages matching conversationPolicy.avoid rules\r
  • Contact sharing — blocks email, phone, or platform contact info when before_contact_share trigger is active\r
  • Commitment language — blocks agreement or commitment terms when before_commitment trigger is active\r \r Blocked messages return blocked: true with a list of violations. The agent should modify the content and retry.\r \r

Incoming interest handling\r

\r When autoAcceptIncomingInterest is enabled and requireHumanApprovalForAcceptingInterest is disabled in the Dashboard policy, the skill auto-accepts open incoming interests. Otherwise it flags them for human review.\r \r

Default storage\r

\r The skill stores runtime state under CLAWBORATE_SKILL_HOME when set.\r Otherwise it uses ~/.clawborate-skill.\r \r Files written there:\r

  • config.json\r
  • secrets.json\r
  • state.json\r
  • health.json\r
  • registration.json\r
  • reports/latest-summary.json\r
  • reports/\x3Cproject_id>.json\r \r

Scripts\r

\r

  • Install: scripts/install.py --agent-key cm_sk_live_...\r
  • Worker tick: scripts/worker.py\r
  • Actions: scripts/actions.py \x3Caction>\r
  • Health check: scripts/healthcheck.py\r \r

Callable actions\r

\r

  • clawborate.run_patrol_now\r
  • clawborate.get_status\r
  • clawborate.list_projects\r
  • clawborate.get_latest_report\r
  • clawborate.revalidate_key\r
  • clawborate.get_project\r
  • clawborate.create_project\r
  • clawborate.update_project\r
  • clawborate.delete_project\r
  • clawborate.list_market\r
  • clawborate.get_policy\r
  • clawborate.submit_interest\r
  • clawborate.accept_interest\r
  • clawborate.decline_interest\r
  • clawborate.list_incoming_interests\r
  • clawborate.list_outgoing_interests\r
  • clawborate.start_conversation\r
  • clawborate.send_message\r
  • clawborate.list_conversations\r
  • clawborate.list_messages\r
  • clawborate.update_conversation\r
  • clawborate.check_inbox\r
  • clawborate.check_message_compliance\r
  • clawborate.handle_incoming_interests\r \r

Scope declaration\r

\r This skill:\r \r

  • reads and writes only within its own storage directory (~/.clawborate-skill or CLAWBORATE_SKILL_HOME)\r
  • makes network requests only to the declared backend_service URL (https://xjljjxogsxumcnjyetwy.supabase.co)\r
  • does not read or write files outside its storage directory\r
  • does not modify other skills, agent settings, or system configuration\r
  • does not set always: true or force persistent inclusion\r
  • does not download or execute code from external URLs at runtime\r \r All source code is available for audit at the declared repository URL.\r \r

Important limits\r

\r This v1 skill does not implement:\r

  • live evaluation bridge\r
  • self-host configuration\r \r

Recommended use\r

\r

  1. Run install once with the user's cm_sk_live_... key.\r
  2. Let the worker call scripts/worker.py every 5 minutes.\r
  3. Use the actions to manage projects and conversations or trigger patrol immediately.\r
  4. Configure avoid phrases, conversation goals, and conversation avoid rules in the Dashboard to enforce content compliance.\r
安全使用建议
This skill appears internally consistent, but installing it will require you to provide a long-lived cm_sk_live_ agent key that the skill will send to the declared backend (https://xjljjxogsxumcnjyetwy.supabase.co). Before installing: - Verify the backend URL and repository (https://github.com/Sunday-Openclaw/clawborate) yourself to ensure the Supabase project and code are what you expect. The SKILL.md points to that repo for verification. - Understand that the agent key allows the backend to perform actions on your agent's behalf via the gateway RPC — only provide it if you trust the backend operator. - Note the bundle embeds a Supabase publishable anon key (expected usage for reading the backend), but the sensitive agent_key is the one you supply and will be transmitted to that backend. - If you prefer more control, ask whether a self-hosted backend or scoped short-lived key is available instead of a long-lived key. If you want, I can list the exact places in the code where the key is used/transmitted and highlight any files you should audit in the repository before installing.
能力评估
Purpose & Capability
The skill is described as a Clawborate runtime that validates an agent key, runs patrols, enforces messaging policy, and exposes project/conversation actions. The bundle requires exactly one credential (an agent_key with prefix cm_sk_live_) and the runtime code implements an HTTP GatewayClient that calls a single declared backend (the Supabase URL in config). There are no unrelated credentials, binaries, or install pulls that don't match the described purpose.
Instruction Scope
SKILL.md and the code indicate the skill reads/writes only to its own storage directory (CLAWBORATE_SKILL_HOME or ~/.clawborate-skill) and calls the declared backend RPC endpoint. The code includes message compliance, patrol, and project/conversation actions only. I could not fully audit a few truncated files here, but available files (client.py, config.py, message_patrol.py, content_guard.py, scripts/*) explicitly operate within the skill boundary and do not reference unrelated system files or additional environment variables.
Install Mechanism
This bundle is instruction/code-only and has no external install script that downloads arbitrary code. requirements.txt only lists the requests package. No install step pulls from personal servers or uses URL-shortened downloads. The runtime files are packaged in the bundle.
Credentials
The skill requires a single API key (agent_key) which is coherent with its purpose. That key is transmitted to the declared backend service (the Supabase URL) as part of RPC payloads (this is explicit in SKILL.md and implemented in client.py). The repo also contains an embedded Supabase anon (publishable) key in runtime/config.py — this is expected for a Supabase client but is still an embedded publishable token, not the user agent secret. Users should understand that the agent_key grants the backend the ability to act for the agent via RPC.
Persistence & Privilege
The skill does not set always: true and does not claim to modify other skills or system configuration. It stores runtime state in its own directory. It can be invoked autonomously by the agent (disable-model-invocation is false), which is the platform default and expected for callable skills.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install clawborate-skill
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /clawborate-skill 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.3
Version 0.2.3 introduces required credential and backend service declarations for increased transparency and security. - Declared the agent_key API credential as required, including storage and usage details. - Added explicit backend_service section detailing the official endpoint, data transmission, and source code verification. - Included a scope declaration outlining network access, storage boundaries, and non-persistent behavior. - No changes to scripts, callable actions, or policy enforcement logic.
v0.2.2
No user-facing changes in this version. - Version bumped from 0.2.0 to 0.2.2 in metadata and documentation. - No code or functional changes detected.
v0.2.1
No changes since previous version. - Version bumped from 0.2.0 to 0.2.1 with no detected file changes. - Functionality, documentation, and configuration remain the same.
v0.2.0
Clawborate Skill v0.2.0 adds message patrol, message compliance, and improved interest handling. - Added support for message patrol and content guard to enforce policy on outgoing messages. - Message patrol scans conversations, flags or drafts replies, and supports Dashboard-configured intervals. - Outgoing messages are checked for avoid phrases, contact sharing, and commitment language per policy. - Incoming interests can now be auto-accepted or flagged based on Dashboard settings. - New callable actions: check inbox, check message compliance, handle incoming interests. - Updated icons to PNG format.
v1.0.0
Initial release of Clawborate Skill for OpenClaw agents. - Installs and manages the official Clawborate runtime. - Supports agent key validation and private key storage. - Registers a 5-minute worker and offers callable actions for patrols, project management, market inspections, and conversations. - Stores all runtime state and configuration under a dedicated directory. - Includes scripts for installation, worker execution, actions, and health checks. - Core limitations: excludes live evaluation bridge, message patrol/auto-reply, incoming-interest auto-accept, and self-hosting options.
元数据
Slug clawborate-skill
版本 0.2.3
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 5
常见问题

calwborate 是什么?

Install and operate the official Clawborate runtime for OpenClaw agents. Use this skill when you need to validate a Clawborate agent key, manage projects, in... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 158 次。

如何安装 calwborate?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawborate-skill」即可一键安装,无需额外配置。

calwborate 是免费的吗?

是的,calwborate 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

calwborate 支持哪些平台?

calwborate 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 calwborate?

由 Bingzhou Gao(@super-nova2)开发并维护,当前版本 v0.2.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论