← 返回 Skills 市场
snarflakes

Openclaw Interaction Bridge

作者 snarflakes · GitHub ↗ · v1.6.3 · MIT-0
cross-platform ⚠ suspicious
149
总下载
0
收藏
0
当前安装
9
版本数
在 OpenClaw 中安装
/install openclaw-interaction-bridge
功能描述
Bridge OpenClaw agent interactions to any external program! The Snarling demo, for example, shows what the agent is doing and lets you approve or reject acti...
安全使用建议
This plugin is internally coherent with its stated purpose, but review and take these precautions before installing: - Source and provenance: the registry entry's Source/Homepage fields are empty; prefer installing from an official/trusted repository (or audit the included code) rather than an unknown origin. - Set OPENCLAW_APPROVAL_SECRET explicitly (strong secret) instead of relying on the generated UUID; verify Snarling will send that secret in callback JSON bodies. - Audit the gateway HTTP callback handlers (approval/notification callbacks and any stats endpoints) to ensure they require the approval secret and do not accept unauthenticated requests. If the code exposes stats endpoints without auth, that could leak usage information. - Confirm the WebSocket 'wake' behavior is acceptable: the external device can trigger agent resumes. If you need stricter controls, restrict which hosts can talk to the gateway or firewall the gateway ports so only the trusted companion device can reach them. - Note the docs say the tool blocks but the implementation returns immediately and uses TaskFlow/webhook resume; test the behavior with your workflows so you understand timing and UX. - If you plan to target a different host/port, prefer configuring through a vetted config mechanism; the plugin currently requires editing source constants (SNARLING_URL / CALLBACK_BASE_URL), which is fine but error-prone. If you want higher assurance, provide the full callback-handler code (the truncated portions) so it can be checked that incoming webhooks are validated and that there are no unexpected outbound network calls beyond localhost.
能力标签
crypto
能力评估
Purpose & Capability
The name/description (bridge agent state, approvals, notifications to a companion display) match the code and SKILL.md. The only declared env var (OPENCLAW_APPROVAL_SECRET) is appropriate for authenticating callbacks to the gateway. The plugin only talks to localhost endpoints (port 5000 for Snarling, port 18789 for gateway callbacks), which is consistent with a local companion device architecture.
Instruction Scope
The SKILL.md and README describe the plugin sending state and POSTing approval/notification payloads to a local Snarling service and exposing callback endpoints on the gateway — that is exactly what the code does. Two inconsistencies worth noting: (1) the docs sometimes say the approval tool 'blocks until a response comes back', but approval_tool.ts explicitly returns immediately and relies on a TaskFlow + webhook/resume model (the code comments explain blocking/polling causes context corruption). (2) The docs describe a WebSocket RPC wake that 'bypasses the gateway's requests-in-flight check' — this is a described behavior that increases the plugin's scope (it allows the external device to wake an agent session). Both are plausible design choices for this plugin but are behavior you should be aware of and audit if you need strict control over when sessions may be resumed.
Install Mechanism
There is no packaged install spec in the registry entry; the project expects the usual local extension workflow (clone repo, npm install, restart gateway). No off-host downloads or obscure URLs are used in the supplied files. package.json lists only a small dependency (@sinclair/typebox) and a peerDependency on OpenClaw; this is proportionate for a plugin of this type.
Credentials
Only OPENCLAW_APPROVAL_SECRET is declared and used. That secret is used to authenticate callback requests from the display service and is proportionate to the plugin's needs. The code will generate a random UUID if the env var isn't set — which is convenient but means callbacks will only work if the display knows that ephemeral secret; for production you should set a stable secret in env.
Persistence & Privilege
The plugin does not request 'always: true' and is user-invocable only. It registers hooks and (presumably) HTTP callback routes on the gateway process (CALLBACK_BASE_URL points at localhost:18789). Registering callback endpoints and allowing an external device to wake sessions is expected for this integration, but it does increase the attack surface: you should verify the callback handlers validate the approval secret and that the gateway's local HTTP endpoints are not exposed to untrusted networks. The described WebSocket wake that bypasses requests-in-flight checks is a functional feature but should be reviewed for safety in your deployment.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install openclaw-interaction-bridge
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /openclaw-interaction-bridge 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.6.3
Broader description: bridges to any external program (Snarling as demo). Added README to skills dir, synced SKILL.md content across both copies.
v1.6.2
Fixed metadata: type=code-plugin, declared OPENCLAW_APPROVAL_SECRET env var. Clean bundle without node_modules.
v1.6.1
Security fix: removed sessionKey from approval callback query params, added envVars to plugin manifest
v1.5.0
UUID secret auth for callbacks, sessionKey/secret in body (not query params), approval tracker, no middleman architecture, manifest env var declaration
v1.4.0
Security: callback auth token (OPENCLAW_APPROVAL_SECRET env var), no hardcoded sessionKey defaults, configurable CALLBACK_BASE_URL, removed curl dependency requirement
v1.3.0
Removed unnecessary curl dependency from SKILL.md, removed package-lock.json (not needed for plugin with one peer dep)
v1.2.0
Moved skill into proper skills/ directory, added skills field to plugin manifest for proper skill discovery
v1.1.0
Cleaned dependencies: minimal package-lock.json, excluded node_modules from publish
v1.0.0
Initial release
元数据
Slug openclaw-interaction-bridge
版本 1.6.3
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 9
常见问题

Openclaw Interaction Bridge 是什么?

Bridge OpenClaw agent interactions to any external program! The Snarling demo, for example, shows what the agent is doing and lets you approve or reject acti... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 149 次。

如何安装 Openclaw Interaction Bridge?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-interaction-bridge」即可一键安装,无需额外配置。

Openclaw Interaction Bridge 是免费的吗?

是的,Openclaw Interaction Bridge 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Openclaw Interaction Bridge 支持哪些平台?

Openclaw Interaction Bridge 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Openclaw Interaction Bridge?

由 snarflakes(@snarflakes)开发并维护,当前版本 v1.6.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论