← 返回 Skills 市场
Tool Connector
作者
ZhixiangLuo
· GitHub ↗
· v1.0.2
· MIT-0
218
总下载
1
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install tool-connector
功能描述
Connect OpenClaw to any external tool or service — Slack, GitHub, Jira, Confluence, Grafana, Datadog, PagerDuty, Outlook, Google Drive, and more. Also teache...
安全使用建议
This skill is coherent with its purpose (it needs tokens and Playwright to capture SSO), but it carries notable risks you should evaluate before installing:
- Review the included scripts (especially scripts/shared_utils/playwright_sso.py and scripts/openclaw_sync.py) yourself. The SKILL.md explicitly tells you to do this — do it. Look for any network calls to external hosts, telemetry, or hidden uploads.
- Minimize privileges: use short-lived or scoped tokens where possible. Avoid giving long-lived admin tokens; create tokens with read-only scopes needed for the agent's tasks.
- Isolate runtime: consider running this skill in an isolated environment (throwaway VM, container, or separate user account) rather than your primary workstation, since it captures browser session data and writes plaintext files.
- Protect stored secrets: if you proceed, ensure ~/.openclaw/openclaw.json and ~/.openclaw/tool-connector.env have strict filesystem permissions (owner-only) and are not backed up to cloud services or included in repos.
- Confirm 'everything stays local': search the scripts for any network POST/PUT targets that are not the expected tool endpoints. If you see any calls to unexpected URLs, do not run the skill.
- Consider alternatives: prefer built-in OAuth or short-lived app tokens if your organization permits them, or use ephemeral credentials created specifically for agent use that can be revoked quickly.
If you want, paste the contents of scripts/shared_utils/playwright_sso.py and scripts/openclaw_sync.py here and I will inspect them for external endpoints, obfuscated behavior, or obvious exfiltration.
功能分析
Type: OpenClaw Skill
Name: tool-connector
Version: 1.0.2
The bundle captures highly sensitive SSO session tokens (Slack, Google, Microsoft, etc.) using Playwright browser automation and stores them in plain text (~/.openclaw/tool-connector.env). It frequently disables SSL certificate verification (ssl.CERT_NONE) across multiple scripts (playwright_sso.py, browser.py, and various connection snippets), creating significant MITM vulnerabilities. While these behaviors are aligned with the stated goal of enabling an agent to act as the user without official OAuth apps, the combination of automated credential scraping, plain-text storage, and weakened transport security represents a high-risk profile.
能力评估
Purpose & Capability
The skill claims to connect to Slack, GitHub, Jira, Confluence, Grafana, Datadog, PagerDuty, Outlook, Google Drive, etc., and the repo contains setup recipes and scripts (Playwright SSO, sync utilities) appropriate to that goal. Requiring Python + Playwright and capturing SSO cookies/tokens is consistent with the stated approach. Minor oddity: setup text asks the user to git-clone a '10xProductivity' repo (placeholder), even though the skill bundle already includes scripts — slightly sloppy but not necessarily malicious.
Instruction Scope
Runtime instructions tell the agent to run headed Chromium via Playwright to capture session cookies/tokens (localStorage and network headers) and to write credentials into ~/.openclaw/openclaw.json and ~/.openclaw/tool-connector.env. The instructions also say OpenClaw will inject those tokens as env vars at session start. Capturing browser storage and network headers is powerful and sensitive; the SKILL.md explicitly instructs writing long-lived tokens and SSO cookies to disk — this expands the skill's effective access to broad account privileges and to any agent session that loads those envs.
Install Mechanism
No opaque downloads are used; the declared install is a pip package (playwright) with the standard 'playwright install chromium' post-install step. That will download Chromium, which is expected for the described SSO flows. This is a common but non-trivial installation (large binary download, browser runtime). The SKILL.md includes explicit post-install commands so behavior is transparent.
Credentials
The metadata lists many environment variables/tokens (GitHub, Jira, Confluence, Datadog, Slack cookies, Google Drive cookies, Graph tokens, etc.). Requesting these is proportional to a connector that supports many services, but the combination of long-lived API tokens and SSO cookies stored locally (and injected into sessions) is high-impact. The skill claims no external services are used, but storing broad credentials increases attack surface (local compromise, accidental leakage to other skills/agents).
Persistence & Privilege
The skill writes credentials to ~/.openclaw/openclaw.json and a plain-text ~/.openclaw/tool-connector.env and relies on OpenClaw to inject env vars into agent sessions. Although 'always' is false, these design choices create persistent, session-wide credentials that may be visible to other agent tasks or skills. The SKILL.md asserts the sync script only touches its own keys, but that is a trust assumption — the tools will have broad access while present.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install tool-connector - 安装完成后,直接呼叫该 Skill 的名称或使用
/tool-connector触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
**Skill 1.0.2 introduces stronger privacy guarantees and an improved setup experience.**
- Clarified that all credentials and data remain strictly local; nothing leaves your machine, including to OpenClaw servers.
- Added a full listing of all environment variables the skill may set, including kind, tool, and typical token/session lifetimes.
- Updated installation instructions: now requires Python Playwright (via pip), with automated Chromium install.
- Simplified setup: just paste a tool URL—the skill detects base URL and auth method automatically.
- Expanded and clarified warnings for SSO usage, storage scope, and Playwright-based SSO capture.
- Minor copyedits for clarity, transparency, and user confidence.
v1.0.1
Add security transparency: explicit caution notice in description and SKILL.md, declared Playwright install spec, scoped credential write documented in code, removed 'enterprise' framing.
v1.0.0
Initial release: connect OpenClaw to Slack, GitHub, Jira, Confluence, Grafana, Datadog, PagerDuty, Outlook, Google Drive, Teams, and more. Includes 10xProductivity methodology for adding new tools from scratch.
元数据
常见问题
Tool Connector 是什么?
Connect OpenClaw to any external tool or service — Slack, GitHub, Jira, Confluence, Grafana, Datadog, PagerDuty, Outlook, Google Drive, and more. Also teache... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 218 次。
如何安装 Tool Connector?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install tool-connector」即可一键安装,无需额外配置。
Tool Connector 是免费的吗?
是的,Tool Connector 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Tool Connector 支持哪些平台?
Tool Connector 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Tool Connector?
由 ZhixiangLuo(@zhixiangluo)开发并维护,当前版本 v1.0.2。
推荐 Skills