← 返回 Skills 市场
279
总下载
0
收藏
0
当前安装
5
版本数
在 OpenClaw 中安装
/install iaterm-ws-client
功能描述
Interact with IATerm terminals via the local WebSocket API (ws://127.0.0.1:19790/ws). Use when the user asks to list workspaces, displays, or panels, view ac...
使用说明 (SKILL.md)
IATerm WebSocket Agent
Control IATerm terminals via the local WebSocket API.
CRITICAL: Always use the ws_client.py script
NEVER write inline WebSocket code. Always use the provided CLI script at scripts/ws_client.py (relative to this skill file).
Find the script path:
SKILL_DIR="$(dirname "$(find ~/.opc/skills -name ws_client.py -path "*/iaterm-ws-agent/*" 2>/dev/null | head -1)")"
WS_CLIENT="$SKILL_DIR/ws_client.py"
Prerequisites
pip install websockets 2>/dev/null || pip3 install websockets 2>/dev/null
Session ID (IMPORTANT)
IATERM_SESSION_ID environment variable must be set by the host application (e.g. IATerm) before invoking the client. Do NOT generate this value yourself — if the variable is missing, the client will exit with an error, indicating the host application has not properly initialized the session.
The first command triggers user approval in the IATerm UI. Once approved, the WS token is cached at ~/.cache/iaterm-ws-client/ws_token.json (permissions 0600). Subsequent commands reuse the cached token and skip approval.
If the token expires, the client automatically clears the cache and re-prompts for approval.
Operation Approval
send_input and subscribe_output require interactive confirmation before execution:
[Approval] send_input to conn-123: 'ls -la\
'
y = approve this time | n = reject | a = always approve for this target
[y/n/a]:
- y — approve this single invocation
- n — reject (command exits with error)
- a — always approve for this specific target (saved to
~/.cache/iaterm-ws-client/approval.json)
Use --auto-approve to skip all confirmation prompts (for automated pipelines):
python3 "$WS_CLIENT" --auto-approve send_input --connection-id \x3Cid> --data "ls\
"
Commands
List workspaces
python3 "$WS_CLIENT" list_workspaces
List displays for a workspace
python3 "$WS_CLIENT" list_displays --workspace-id \x3Cid>
List panels (all or filtered by workspace)
python3 "$WS_CLIENT" list_panels
python3 "$WS_CLIENT" list_panels --workspace-id \x3Cid>
Get panel info
python3 "$WS_CLIENT" get_panel_info --panel-id \x3Cid>
List active connections
IMPORTANT: list_connections only returns remote connections (SSH, Serial, JumpServer). Local terminal connections are automatically filtered out by the backend. If this command returns connections, they are ALL remote — do NOT judge by the name field. Always check the connection_type field to determine the actual type:
ssh— SSH remote connectionserial— Serial port connection
If the result is empty, it means there are no active remote connections (local terminals may still exist but are excluded from this API).
python3 "$WS_CLIENT" list_connections
python3 "$WS_CLIENT" list_connections --type ssh
Send input to a terminal
python3 "$WS_CLIENT" send_input --connection-id \x3Cid> --data "ls -la\
"
Use \ for Enter, for Tab, \x03 for Ctrl-C.
Subscribe to terminal output (long-lived, Ctrl-C to stop)
python3 "$WS_CLIENT" subscribe_output --connection-id \x3Cid>
How it works
- Each command establishes an independent WebSocket connection, executes, and disconnects.
- First connection — sends
identify(session_id)→ user approves in IATerm UI (up to 60s) → receivesws_token→ cached to disk. - Subsequent connections — sends
identify(session_id + cached token)→ server recognizes the token → skips approval → executes immediately. - Token expiry — if the server rejects a cached token (error -15 or
connection_rejected), the client clears the cache and retries with a fresh approval flow. - Approval gate —
send_inputandsubscribe_outputprompt for interactive confirmation (y/n/a) unless--auto-approveis set.
Configuration
| Env Variable | Default | Description |
|---|---|---|
IATERM_SESSION_ID |
(required) | Stable identifier for this agent session |
IATERM_WS_PORT |
19790 |
WebSocket server port |
XDG_CACHE_HOME |
~/.cache |
Base directory for token/approval cache |
Changelog
v2.0.0 — 无 Daemon 直连架构 + 安全防护增强
架构重写:去 Daemon 化
- 删除
WsDaemon类、Unix socket IPC、daemon 生命周期管理(_send_msg/_recv_msg/_start_daemon_bg/_stop_daemon等) - 删除
daemon、stop子命令和--session参数 - 删除不再需要的 imports:
signal、socket、struct、subprocess - 每条命令独立建立 WS 连接,执行完断开,无常驻后台进程
连接与认证
- Session ID 从
IATERM_SESSION_ID环境变量获取,由宿主应用设置,禁止自行生成,缺失则报错退出 - 首次连接:
identify(session_id)→ IATerm UI 审批 → 获得ws_token→ 缓存至~/.cache/iaterm-ws-client/ws_token.json(权限 0600) - 后续连接:
identify(session_id + cached token)→ 服务端识别 → 跳过审批 → 直接执行 - Token 失效(error -15 或
connection_rejected)时自动清缓存,重走审批流程
操作审批
send_input/subscribe_output执行前交互式确认:y(本次通过)/ n(拒绝)/ a(始终通过)- 选
a记入~/.cache/iaterm-ws-client/approval.json,后续同目标操作自动通过 --auto-approveCLI 参数跳过所有确认(用于自动化流水线)
文档补充
list_connections明确只返回远程连接(SSH/Serial/JumpServer),本地终端被后端过滤- 连接类型判断统一使用
connection_type字段,不依赖name字段
v1.0.2 — Security scan compliance
- Daemon startup via
subprocess.Popen(start_new_session=True) - State directory moved to
~/.cache/iaterm-ws-client/(XDG) - Explicit
.replace()escapes instead of.encode().decode("unicode_escape") - Session token written to file (permissions 0600) instead of stderr
Typical Workflow
# IATERM_SESSION_ID is set by the host application — do not generate it manually
# 1. Connect — first call triggers approval in IATerm UI
python3 "$WS_CLIENT" list_workspaces
# 2. Discover — find the connection_id (token cached, no re-approval)
python3 "$WS_CLIENT" list_panels
python3 "$WS_CLIENT" list_connections
# 3. Execute — send command to a terminal (prompts for approval)
python3 "$WS_CLIENT" send_input --connection-id \x3Cid> --data "ls -la\
"
# 4. Read — get terminal output
python3 "$WS_CLIENT" subscribe_output --connection-id \x3Cid>
API Reference (for understanding responses)
Response format
- Success:
{ "result": { ... } } - Error:
{ "error": { "code": \x3Cint>, "message": "..." } }
Error codes
| Code | Meaning |
|---|---|
| -1 | Method not found |
| -2 | Invalid params |
| -3 | Internal error |
| -5 | Connection not found |
| -6 | Rate limited |
| -14 | Connection limit (another client connected) |
| -15 | Auth failed (invalid or missing token) |
Key object fields
- workspace:
id,name,description,is_default,sort_order - display:
id,workspace_id,display_index,name - panel:
id,workspace_id,connection_id,display_id,name,grid_row,grid_column - connection:
id,name,connection_type(use this to determine type, NOTname),status,created_at,bytes_sent,bytes_received
Important Notes
- IATerm must be running for the API to be available
- The API only binds to 127.0.0.1; not accessible remotely
- First connection requires user approval in IATerm UI (60s timeout)
- Only one client connection allowed at a time
send_inputis rate-limited to 30 calls/sec per connectionconnection_idcomes fromlist_connectionsor panel'sconnection_idfield
Custom Theme Format
Custom themes are stored as JSON in ~/.iaterm/themes/{theme-id}.json. Optional CSS override: ~/.iaterm/themes/{theme-id}.css.
{
"id": "my-theme",
"name": "my-theme",
"displayName": "My Theme",
"type": "dark",
"designRationale": "Design description (200-500 chars)",
"variables": {
"backgroundPrimary": "#0d1117",
"backgroundSecondary": "#161b22",
"backgroundTertiary": "#21262d",
"backgroundCard": "#1c2128",
"backgroundCardHover": "#262c36",
"textPrimary": "#e6edf3",
"textSecondary": "#8b949e",
"textMuted": "#484f58",
"accentPrimary": "#58a6ff",
"error": "#f85149",
"success": "#3fb950",
"warning": "#d29922",
"borderPrimary": "#30363d",
"borderSubtle": "#21262d",
"borderAccent": "#58a6ff",
"iconDefault": "#8b949e",
"iconHover": "#e6edf3"
}
}
type:"light"|"dark"|"auto"- All color values: hex format (
#rrggbbor#rrggbbaa) - CSS variables auto-mapped:
backgroundPrimary→--color-background-primary
安全使用建议
This skill appears to do what it says: a local WebSocket client for IATerm. Before installing: (1) confirm the host application will set IATERM_SESSION_ID (do not generate it yourself); (2) be cautious about enabling --auto-approve or choosing 'always' during approval prompts because that removes interactive safeguards; (3) note the skill will create ~/.cache/iaterm-ws-client/ws_token.json and approval.json (0600) — inspect these if you need to revoke access; (4) the package metadata does not list the required IATERM_SESSION_ID env var, so prefer to inspect the included scripts (ws_client.py) yourself and confirm there are no additional unexpected behaviors before granting the agent autonomous invocation.
功能分析
Type: OpenClaw Skill
Name: iaterm-ws-client
Version: 1.0.4
The skill bundle provides a legitimate CLI client (ws_client.py) for interacting with the IATerm terminal application via a local WebSocket API. It includes proactive security measures such as restricted file permissions (0600) for cached tokens, a local interactive approval gate for sensitive operations like sending terminal input, and strictly binds to the localhost interface (127.0.0.1).
能力评估
Purpose & Capability
Name/description, SKILL.md, and the included Python client all describe a local WebSocket client for IATerm (ws://127.0.0.1:19790/ws). The requested capabilities match the stated purpose. Minor inconsistency: SKILL metadata declared 'Required env vars: none' but the client requires IATERM_SESSION_ID (documented as required).
Instruction Scope
SKILL.md confines actions to connecting to a local WebSocket API, prompting the user for approval for sensitive operations, and caching tokens/approvals under the user's XDG cache. It does not instruct reading unrelated system files or exfiltrating data to external hosts. It does instruct using a particular script path resolution (find under ~/.opc/skills) which is brittle but not malicious.
Install Mechanism
There is no install spec and no downloads; the skill is distributed as source (ws_client.py) and instructions tell you to pip install a single dependency ('websockets'). This is low risk compared to remote downloads or executing arbitrary installers.
Credentials
The client legitimately requires IATERM_SESSION_ID (and optionally IATERM_WS_PORT/XDG_CACHE_HOME). The skill metadata omitted declaring IATERM_SESSION_ID as required — this mismatch should be fixed. The only files written are token/approval cache files in ~/.cache/iaterm-ws-client with 0600 permissions.
Persistence & Privilege
The skill does not request 'always' or system-wide privileges. It writes per-user cache/approval files and can be run autonomously by the agent (normal default). Important: the CLI offers --auto-approve and persistent 'always' approvals stored in approval.json; enabling those reduces the interactive confirmation gate and increases the impact if the agent is misused.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install iaterm-ws-client - 安装完成后,直接呼叫该 Skill 的名称或使用
/iaterm-ws-client触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.4
Version 1.0.4
- No code or documentation changes detected in this release.
- Functionality and interface remain unchanged from the previous version.
v1.0.3
### v1.0.3
- Session token is now written to a file (`~/.cache/iaterm-ws-client/session`, mode 0600) instead of printed to stderr, improving security and preventing token leaks.
- On initial connection, the client outputs `SESSION_FILE=<path>` to stderr; users should read the session token from this file for subsequent commands.
- Documentation updated to match new session token handling workflow.
- No code changes; documentation only.
v1.0.2
v1.0.2 — Security scan compliance
- Changed daemon startup to use subprocess.Popen (start_new_session=True) instead of os.fork(), improving process security.
- State directory moved from /tmp/iaterm-ws-client-{uid}/ to ~/.cache/iaterm-ws-client/ (XDG-compliant), eliminating use of /tmp for persistent data.
- Switched from .encode().decode("unicode_escape") to explicit .replace() for string substitution, reducing string obfuscation issues.
- Dependency update: removed import tempfile, added import subprocess.
v1.0.1
**Major update: Now requires all interactions via persistent ws_client.py script—no direct WebSocket or inline client code.**
- Switched to a persistent background daemon (ws_client.py) for all WebSocket communication; do not write inline connection logic.
- Session isolation enforced: capture and reuse SESSION token for all commands.
- Added instructions for discovering the ws_client.py path and environment setup.
- Detailed new usage flow, including persistent connection and security best practices.
- Deprecated previous inline protocol/usage details; users now call specific script commands only.
v1.0.0
Initial release of iaterm-ws-agent for interacting with IATerm terminals via WebSocket.
- Provides structured API for listing workspaces, displays, panels, and active terminal connections.
- Supports sending commands to terminals and subscribing to their output through JSON WebSocket protocol.
- Includes detailed instructions for installation, authentication, and API usage.
- Implements token-based security and localhost-only binding.
- Documents all standard methods, error codes, workflow, and theme customization.
元数据
常见问题
IATerm WebSocket Agent 是什么?
Interact with IATerm terminals via the local WebSocket API (ws://127.0.0.1:19790/ws). Use when the user asks to list workspaces, displays, or panels, view ac... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 279 次。
如何安装 IATerm WebSocket Agent?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install iaterm-ws-client」即可一键安装,无需额外配置。
IATerm WebSocket Agent 是免费的吗?
是的,IATerm WebSocket Agent 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
IATerm WebSocket Agent 支持哪些平台?
IATerm WebSocket Agent 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 IATerm WebSocket Agent?
由 sutaixu(@sutaixu)开发并维护,当前版本 v1.0.4。
推荐 Skills