← 返回 Skills 市场
borisolver

CleanApp Report Submission

作者 borisolver · GitHub ↗ · v0.1.1
cross-platform ✓ 安全检测通过
1023
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install cleanapp
功能描述
Submit real-world issue reports (trash, hazards, infrastructure problems) to CleanApp's global routing pipeline. Your observations become actionable — routed...
使用说明 (SKILL.md)

SKILL: CleanApp Ingest v1 (OpenClaw/ClawHub)

This is a skill package that lets an agent submit reports into CleanApp using the Fetcher Key System:

  • POST /v1/fetchers/register (one-time key issuance)
  • POST /v1/reports:bulkIngest (bulk ingest, quarantine-first)
  • GET /v1/fetchers/me (introspection)

This is not a long-lived agent running inside the CleanApp backend. It’s a client-side integration that talks to CleanApp over HTTPS.

Why This Is Safe (Compartmentalized)

  1. The only secret in the agent is a revocable CleanApp API key (CLEANAPP_API_TOKEN).
  2. New keys default to a quarantine lane on the backend:
    • Stored + analyzed
    • Not publicly published
    • Not routed to brands/municipalities
    • Not rewarded
  3. The backend enforces:
    • rate limits / quotas
    • idempotency (source_id)
    • kill switches (revoke/suspend)

So even if an agent is prompt-injected, the blast radius is limited to “submitting more quarantined reports” until the key is revoked.

Required Secret

  • CLEANAPP_API_TOKEN (Bearer token). Get it once via:
    • POST /v1/fetchers/register (see references/API_REFERENCE.md)
    • Store it as a ClawHub/OpenClaw secret; never paste into chat logs.

Optional env:

  • CLEANAPP_BASE_URL (default https://live.cleanapp.io)

Data Handling (Minimal by Default)

This skill submits:

  • title, description (text)
  • optional lat/lng (location)
  • optional media[] metadata (URL/SHA/content-type)

Recommended low-risk defaults:

  • --approx-location (round coordinates to reduce precision)
  • --no-media (drop media metadata unless needed)

Idempotency (Important)

Every item must include a stable source_id. The backend enforces:

  • UNIQUE(fetcher_id, source_id)
  • retries won’t duplicate rows if you reuse the same source_id

Usage

Bulk ingest from JSON (recommended)

export CLEANAPP_API_TOKEN="cleanapp_fk_live_..."
python3 ingest.py \\
  --base-url https://live.cleanapp.io \\
  --input examples/sample_items.json \\
  --approx-location \\
  --no-media

Dry run (no network)

python3 ingest.py --input examples/sample_items.json --dry-run

Single-item helper (shell)

This is useful for quick manual submissions while debugging.

export CLEANAPP_API_TOKEN="cleanapp_fk_live_..."
./scripts/submit_report.sh --title "Broken elevator" --description "Stuck on floor 3" --lat 34.0702 --lng -118.4441 --approx-location

Promotion (Out of Quarantine)

Promotion is a reviewed process. As you build reputation, CleanApp can:

  • raise caps
  • allow public publishing/routing/rewards

See:

  • POST /v1/fetchers/promotion-request
  • GET /v1/fetchers/promotion-status

References

  • Swagger UI: https://live.cleanapp.io/v1/docs
  • OpenAPI YAML: https://live.cleanapp.io/v1/openapi.yaml
  • references/API_REFERENCE.md in this package
安全使用建议
This package appears to do exactly what it says: build JSON report payloads and POST them to CleanApp. Before installing or running it, consider the following: - Expect to provide one secret: CLEANAPP_API_TOKEN (a Fetcher API key). Store it as a secret in your platform rather than pasting into chat or logs. The manifest and SKILL.md require it even though the top-level registry note omitted it. - Test using --dry-run first to confirm payload shape and that approximate-location / no-media options behave as you expect. - Use a low-privilege / quarantine fetcher key for initial testing and rotate/revoke it after use. Don’t use a production/promoted key until you’ve validated behavior. - Review the included scripts (ingest.py and scripts/submit_report.sh) yourself — they are small and readable; there is no remote fetching or obfuscated code in the package. - If you plan to run this in an automated agent, ensure the token is scoped and monitored (rate limits, quotas, and ability to revoke). The only real issue is the metadata mismatch about required env vars (packaging error). If that is corrected, the skill is internally coherent.
功能分析
Package: cleanapp_ingest_v1 (xpi) Version: 1.0.1 Description: Bulk submit problem signals (bugs/incidents/feedback) to CleanApp via /v1/reports:bulkIngest (quarantine by default). The `cleanapp_ingest_v1` package is designed to submit problem signals to the CleanApp API. The analysis of the full source code reveals a well-structured and security-conscious implementation. Key security features include: 1. **Explicit Secret Handling**: The `CLEANAPP_API_TOKEN` is declared as a required secret and is retrieved exclusively from environment variables, preventing hardcoding and promoting secure secret management. 2. **Dry Run Mode**: Both the `ingest.py` Python script and the `submit_report.sh` shell helper script implement a `--dry-run` option, allowing users to inspect the exact JSON payload and target URL before any network requests are made. This provides transparency and a crucial security control. 3. **Controlled Network Communication**: The package uses standard Python `urllib.request` or `curl` for HTTPS communication. The target URL defaults to `https://live.cleanapp.io` but can be configured via an environment variable, which is a standard practice for API clients. The API key is sent securely as a Bearer token in the Authorization header. 4. **Data Handling Policies**: Options are provided to redact media metadata (`--no-media`) and to approximate or remove location data (`--approx-location`, `--no-location`), enhancing privacy and control over sensitive information. 5. **Idempotency Enforcement**: The `ingest.py` script validates that each item has a `source_id`, and `submit_report.sh` generates a unique `source_id` if not provided, supporting the CleanApp API's idempotency requirements to prevent duplicate submissions. 6. **Safe Command Execution**: Shell scripts use `set -euo pipefail` for robustness and employ Python for safe JSON payload construction and coordinate rounding, mitigating shell injection risks. No dynamic `eval` or remote script fetching is observed. 7. **Clear Documentation**: The `README.md`, `SKILL.md`, and `API_REFERENCE.md` files clearly outline the package's purpose, security goals, data handling, and the 'quarantine-first' nature of the CleanApp ingest system, which limits the blast radius of new or unverified data submissions. The package's functionality aligns with its stated purpose, and its design incorporates multiple layers of security best practices, making it benign.
能力评估
Purpose & Capability
Name, description, SKILL.md, and code all align: the skill submits problem reports to CleanApp's /v1/reports:bulkIngest. The code only makes HTTPS calls to the declared base URL and manipulates user-provided JSON payloads. Minor packaging inconsistency: the top-level registry metadata in the provided bundle claims 'Required env vars: none' and 'Primary credential: none', but the package manifest and SKILL.md declare CLEANAPP_API_TOKEN as a required secret. This appears to be a packaging/metadata error rather than functional misalignment.
Instruction Scope
SKILL.md and scripts restrict behavior to building payloads, applying optional location/media redaction, and POSTing to CleanApp. There is a true dry-run mode that prints payload without network. The runtime instructions do not request reading unrelated system files or contacting other endpoints.
Install Mechanism
No remote downloads or install spec; this is an instruction+script package with all referenced scripts included. No dynamic fetching of remote scripts or execution of code from arbitrary URLs.
Credentials
Runtime code and SKILL.md require only a single bearer token (CLEANAPP_API_TOKEN) and optionally CLEANAPP_BASE_URL plus non-sensitive agent metadata env vars. That credential is proportionate to the described purpose. However, the registry-level 'Requirements' block provided to the evaluator lists no required env vars, while manifest.json and SKILL.md declare CLEANAPP_API_TOKEN — this mismatch should be resolved (manifest/SKILL.md are correct for runtime behavior).
Persistence & Privilege
The skill does not request 'always: true' or any elevated platform privileges, does not modify other skills, and does not persist arbitrary tokens to other config locations. It performs standard client-side HTTP calls only when invoked.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install cleanapp
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /cleanapp 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
CleanApp v0.1.1 - Updated release of the CleanApp skill package for submitting any type of bug report, issue, improvement proposal, hazard (in digital as well as physical worlds). - Supports report submission to CleanApp using the Fetcher Key System and quarantine-first backend. - Includes bulk ingest via `ingest.py`, sample item JSON, and shell helper scripts. - Documentation and API reference files provided for setup, usage, and best practices. - Secure by design: uses revocable API tokens and compartmentalized data handling. - Promotion process and backend safety/introspection endpoints detailed.
v0.1.0
Initial release of CleanApp Report Submission - Submit real-world issue reports (trash, hazards, infrastructure problems) to CleanApp's global routing pipeline. - Reports are analyzed, enriched, and routed to responsible brands, municipalities, and regulators for action. - Supports detailed reporting including optional GPS, severity, classification, tags, brand, and images. - Includes API endpoint, request format, helper script, and best practices for submitting reports. - Dashboard, deduplication, AI-powered analysis, and report clustering included in workflow.
元数据
Slug cleanapp
版本 0.1.1
许可证
累计安装 0
当前安装数 0
历史版本数 2
常见问题

CleanApp Report Submission 是什么?

Submit real-world issue reports (trash, hazards, infrastructure problems) to CleanApp's global routing pipeline. Your observations become actionable — routed... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1023 次。

如何安装 CleanApp Report Submission?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install cleanapp」即可一键安装,无需额外配置。

CleanApp Report Submission 是免费的吗?

是的,CleanApp Report Submission 完全免费(开源免费),可自由下载、安装和使用。

CleanApp Report Submission 支持哪些平台?

CleanApp Report Submission 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 CleanApp Report Submission?

由 borisolver(@borisolver)开发并维护,当前版本 v0.1.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论