← 返回 Skills 市场
OmniPermission (Human-in-the-Loop)
作者
tobiasyouki
· GitHub ↗
· v1.0.2
· MIT-0
296
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install omnipermission
功能描述
Human-in-the-loop: A free, extensible framework for intercepting tool calls via the OmniPersona mobile app.
安全使用建议
This plugin does what it claims (it intercepts tool calls and asks a mobile app for approval), but you should verify a few things before installing: 1) Confirm the backend domain (backend.ecrop.de) and the mobile app publisher are trustworthy and match the project you expect (the README links to GitHub/Apple/Play but the backend host is a different domain). 2) Understand that your OmniPersona secret key is stored in plaintext under the plugin state directory — treat it like a sensitive credential and ensure proper filesystem permissions/backups. 3) If you allow agents CLI access, they could change the plugin's blacklist or disable protections; run agents in a restricted environment if you need strong guarantees. 4) If you fork or modify the plugin to include richer context (agent reasoning, project IDs), be aware that this increases the data sent to the external backend. If you need higher assurance, ask the maintainer for an audit of the backend service, run the plugin against a local or self-hosted backend, or review the mobile app's privacy/security posture before entering your key.
功能分析
Type: OpenClaw Skill
Name: omnipermission
Version: 1.0.2
The OmniPermission plugin is a legitimate security tool designed to provide human-in-the-loop governance for OpenClaw agents. It intercepts blacklisted tool calls via the 'before_tool_call' hook and requires manual approval through a mobile app (OmniPersona). The code handles a user-provided secret key and communicates with a dedicated backend (backend.ecrop.de) to facilitate push notifications, which is consistent with its stated purpose. No evidence of malicious intent, data exfiltration beyond the necessary service communication, or obfuscation was found.
能力评估
Purpose & Capability
The name/description match the code: the plugin intercepts before_tool_call events, checks a user-configured blacklist, and requests mobile approval. Requesting and storing a secret key and contacting a backend for approval is consistent with a mobile push-approval flow. Minor mismatch: the README and SKILL.md reference a GitHub project and app store listing, but the backend host used in code is backend.ecrop.de / backend.dev.ecrop.de (a domain not documented elsewhere in the repo), which reduces verifiability.
Instruction Scope
Runtime instructions and code limit themselves to intercepting tool calls and sending a small approval payload to the backend. The SKILL.md explicitly instructs users to install the mobile app and paste a secret key. The code does not read other files or agent internals, but the README/SKILL.md encourage forking the plugin to include richer agent context (e.g., internal reasoning or project IDs), which would increase data exposure if implemented — the current shipped code however sends only a tool name and a generic message.
Install Mechanism
This is an instruction-and-code plugin with no external install script or binary downloads. There is no install spec that pulls code from arbitrary URLs; the code is shipped in the bundle. This lowers install-chain risk compared to remote downloads.
Credentials
No environment variables are requested, which is appropriate. However, the plugin requires a 'Secret Key' entered by the user and stores it as plain text in state/omni_key.txt. That secret grants the backend the ability to correlate approvals to your installation; storing it unencrypted in plugin state increases risk (other local processes, backups, or misconfigured permissions could expose it). Also the plugin contacts external backend domains (production and dev), and the dev backend can be enabled by the user — using a dev backend may expose data to an alternate server.
Persistence & Privilege
The plugin registers gateway hooks and will intercept requests when enabled (this is expected for a gateway plugin). always:false and no attempt to modify other plugins or system-wide settings is good. However, the SKILL.md highlights an 'Agent-Managed' mode where an agent with CLI access could change the blacklist or clear protections; that risk depends on how you run agents and whether they have access to the openclaw CLI.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install omnipermission - 安装完成后,直接呼叫该 Skill 的名称或使用
/omnipermission触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Initial public release
元数据
常见问题
OmniPermission (Human-in-the-Loop) 是什么?
Human-in-the-loop: A free, extensible framework for intercepting tool calls via the OmniPersona mobile app. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 296 次。
如何安装 OmniPermission (Human-in-the-Loop)?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install omnipermission」即可一键安装,无需额外配置。
OmniPermission (Human-in-the-Loop) 是免费的吗?
是的,OmniPermission (Human-in-the-Loop) 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OmniPermission (Human-in-the-Loop) 支持哪些平台?
OmniPermission (Human-in-the-Loop) 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OmniPermission (Human-in-the-Loop)?
由 tobiasyouki(@tobiasyouki)开发并维护,当前版本 v1.0.2。
推荐 Skills