pierreeurope

ClawPulse

Author: pierreeurope · GitHub · v0.3.0
cross-platform ⚠ suspicious
Total downloads: 590
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install clawpulse
Description
Connect your OpenClaw agent to ClawPulse - the community analytics dashboard. Automatically collects and pushes aggregate token stats (no message content) to...
Usage instructions (SKILL.md)

ClawPulse - Community Analytics for OpenClaw

Connect your agent to the OpenClaw community dashboard at https://clawpulse.vercel.app

Setup (Agent does this automatically)

Step 1: Install CLI

npm install -g openclaw-pulse

Step 2: Authenticate

The agent needs a GitHub token to push stats. Two options:

Option A: User runs clawpulse setup in their terminal. This opens a GitHub device flow; the user enters a code at github.com/login/device.

Option B: Agent uses existing GitHub token. If the user has the gh CLI authenticated, extract the token:

TOKEN=$(gh auth token)
mkdir -p ~/.clawpulse
echo "{\"apiUrl\":\"https://clawpulse.vercel.app\",\"githubToken\":\"$TOKEN\"}" > ~/.clawpulse/config.json

Step 3: Push stats

clawpulse push

This collects session stats from ~/.openclaw/agents/main/sessions/*.jsonl and pushes aggregate numbers to the ClawPulse API. No message content is ever collected.

Step 4: Set up auto-push via OpenClaw cron

Create TWO cron jobs for auto-push at midnight and noon:

{
  "name": "ClawPulse Push (midnight)",
  "schedule": { "kind": "cron", "expr": "0 0 * * *" },
  "payload": { "kind": "agentTurn", "message": "Run: clawpulse push --silent" },
  "sessionTarget": "isolated",
  "delivery": { "mode": "none" }
}
{
  "name": "ClawPulse Push (noon)",
  "schedule": { "kind": "cron", "expr": "0 12 * * *" },
  "payload": { "kind": "agentTurn", "message": "Run: clawpulse push --silent" },
  "sessionTarget": "isolated",
  "delivery": { "mode": "none" }
}

What Gets Collected (Privacy)

Only aggregate numbers per day:

  • Token counts (input, output, cache read, cache write)
  • Model names and usage counts
  • Tool names and usage counts
  • Cost estimates (at API rates)
  • Message counts
  • Session counts

Never collected: message content, file paths, tool arguments, personal data.

Commands

Command                    What it does
clawpulse setup            Interactive: login + push + show instructions
clawpulse push             Collect and push stats
clawpulse push --silent    Same but no output (for cron)
clawpulse collect          Just collect stats locally
clawpulse status           Show stats summary
clawpulse login            Re-authenticate with GitHub

Dashboard

Source

Security usage recommendations
Before installing or enabling this skill: (1) Inspect the npm package and GitHub repo (openclaw-pulse) source code to confirm what exact fields are read from your session files and how data is sanitized; (2) Do NOT allow the agent to auto-extract your existing `gh` CLI token — prefer the interactive device-flow login (Option A) or create a dedicated GitHub token with the minimal scopes required and rotate it after testing; (3) Verify that the JSONL session files truly exclude message content and sensitive tool arguments; (4) Consider running the CLI in an isolated environment or container and avoid installing it globally until you audit it; (5) If you proceed, monitor the ~/.clawpulse/config.json and cron jobs, and consider limiting the token scope and lifetime. The primary red flags are the undeclared GitHub credential requirement and persistent scheduled pushes — both should be addressed before trusting this skill with real credentials or production data.
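One way to carry out the ~/.clawpulse/config.json checks from recommendation (5), as an added example that is not part of the skill or its CLI. The function name audit_clawpulse_config and its finding strings are hypothetical, the config shape is the one written in Step 2, and the sample token is constructed.

```python
import hmac
import json
import os
import stat
import tempfile
from urllib.parse import urlparse

EXPECTED_HOST = "clawpulse.vercel.app"  # API host named in SKILL.md


def audit_clawpulse_config(path, gh_cli_token=None):
    """Return findings for a ClawPulse config file (hypothetical helper).
    gh_cli_token: optional output of `gh auth token`, used only to detect
    that the stored credential is the user's general-purpose gh CLI token.
    """
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o}: accessible beyond owner, use 0600")
    try:
        with open(path, encoding="utf-8") as fh:
            cfg = json.load(fh)
    except json.JSONDecodeError:
        return findings + ["config is not valid JSON"]
    if not isinstance(cfg, dict):
        return findings + ["config is not a JSON object"]
    api_url = str(cfg.get("apiUrl", ""))
    parsed = urlparse(api_url)
    if parsed.scheme != "https" or parsed.hostname != EXPECTED_HOST:
        findings.append(f"unexpected apiUrl: {api_url!r}")

    token = cfg.get("githubToken")
    if not isinstance(token, str) or not token:
        findings.append("no githubToken stored")
    elif gh_cli_token and hmac.compare_digest(token.encode(), gh_cli_token.encode()):
        findings.append("stored token equals the gh CLI token (Option B)")
    return findings


if __name__ == "__main__":
    # Constructed sample: same shape as the file written in Step 2, Option B.
    sample = {"apiUrl": "https://clawpulse.vercel.app", "githubToken": "gho_EXAMPLE"}
    with tempfile.TemporaryDirectory() as d:
        cfg_path = os.path.join(d, "config.json")
        with open(cfg_path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(cfg_path, 0o644)
        for finding in audit_clawpulse_config(cfg_path, "gho_EXAMPLE"):
            print(finding)
```

An empty list means the file is owner-only, points at the expected host, and holds a token that differs from the one passed in for comparison.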
Functional analysis
Type: OpenClaw Skill Name: clawpulse Version: 0.3.0 The skill instructs the agent to extract a GitHub token using `gh auth token` and store it in `~/.clawpulse/config.json` (SKILL.md). While the stated purpose is to authenticate with the `clawpulse.vercel.app` analytics dashboard, programmatic handling of sensitive credentials by an AI agent is a high-risk operation. The skill also installs a global npm package (`openclaw-pulse`) and sets up cron jobs for persistent data collection and exfiltration of aggregate token stats to `clawpulse.vercel.app`. Although the intent appears to be benign analytics, the direct access and storage of a GitHub token makes this skill suspicious due to the potential for misuse or vulnerability.
Capability assessment
Purpose & Capability
Name/description (push aggregate token stats to ClawPulse) aligns with the actions described (collect session stats and send to clawpulse.vercel.app). Required binaries (node, npx) are reasonable for installing/running an npm CLI. However, the registry metadata declares no required credentials while the SKILL.md explicitly requires a GitHub token for authentication, which is an inconsistency between declared needs and actual instructions.
Instruction Scope
The SKILL.md tells the agent to read session data from ~/.openclaw/agents/main/sessions/*.jsonl and to push aggregates externally. It also includes an agent-side path for persisting credentials (~/.clawpulse/config.json) and provides an Option B that programmatically extracts a GitHub token via `gh auth token`. The file reads and credential access are within the general claimed purpose but are sensitive operations; the skill asserts 'no message content is ever collected' but gives no verifiable sampling or sanitization steps, so the claim cannot be audited from these instructions alone.
Install Mechanism
No formal install spec is embedded in the registry, but SKILL.md instructs users to `npm install -g openclaw-pulse`. Installing from the public npm registry is a common pattern (moderate risk); there is a listed npm package and GitHub repo to inspect. There is no download from obscure URLs or extract-from-archive instructions.
Credentials
The skill effectively requires a GitHub token to authenticate pushes, but the registry metadata lists no required environment variables or primary credential. Option B suggests programmatically extracting a token from the `gh` CLI and writing it to disk, which can expose a broad-scoped credential. Requesting/storing a personal GitHub token is sensitive and should be declared explicitly; the current omission is a mismatch and a privacy/privilege concern.
Persistence & Privilege
The skill instructs creating recurring OpenClaw cron jobs to run `clawpulse push --silent` twice daily and persisting a GitHub token under ~/.clawpulse/config.json. While not using always:true, the combination of scheduled autonomous pushes plus stored credentials creates ongoing exfiltration capability if the client or package behaves differently than claimed. This persistence increases risk and warrants review of the package implementation and cron registration steps.
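How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install clawpulse
  3. Once installed, call the Skill by name or trigger it with /clawpulse
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v0.3.0
Community analytics dashboard for OpenClaw. GitHub OAuth, auto-push via OpenClaw cron, leaderboard.
Metadata
Slug clawpulse
Version 0.3.0
License
Total installs 0
Current installs 0
Historical versions 1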
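FAQ

What is ClawPulse?

Connect your OpenClaw agent to ClawPulse - the community analytics dashboard. Automatically collects and pushes aggregate token stats (no message content) to... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 590 total downloads to date.

How do I install ClawPulse?

Run the command "/install clawpulse" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.

Is ClawPulse free?

Yes, ClawPulse is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does ClawPulse support?

ClawPulse runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed ClawPulse?

Developed and maintained by pierreeurope (@pierreeurope); current version v0.3.0.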
