← Back to Skills Marketplace

Clawket

Name: Clawket
Author: p697

by Cavano · GitHub ↗ · v1.0.1

cross-platform ⚠ suspicious

429

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install clawket

Description

Generate QR codes for Clawket mobile app to pair with the local OpenClaw Gateway. Use when user mentions: Clawket pairing, login Clawket, QR code, mobile app...

README (SKILL.md)

Clawket Gateway QR Code

Generate a QR code that the Clawket mobile app can scan to auto-configure Gateway connection (URL + auth token).

Generate QR Code

Run the script:

bash SKILL_DIR/scripts/gateway-qr.sh

The script will:

Read ~/.openclaw/openclaw.json for the auth token
Detect the local LAN IP address
Generate a QR code as a PNG image at ~/.openclaw/media/clawket-qr.png
Also print an ASCII QR code to the terminal

Send the PNG to the user via the message tool (filePath: ~/.openclaw/media/clawket-qr.png).

QR Payload Format

The QR code contains a JSON object:

{
  "host": "192.168.1.100",
  "port": 18789,
  "token": "...",
  "tls": false
}

The Clawket app scans this and auto-fills Gateway URL + auth token, then connects.

Troubleshooting

If qrencode is not installed: brew install qrencode (macOS) / sudo apt install qrencode (Linux) / choco install qrencode (Windows)
If the LAN IP detection fails, the script falls back to 127.0.0.1
The token is read directly from the JSON config file (not via openclaw config get which redacts it)

Usage Guidance

This skill appears to do exactly what it says, but it will read your local OpenClaw auth token and embed it in a QR image (and print it to the terminal). Before installing/using it: 1) Confirm you want the token exported into ~/.openclaw/media/clawket-qr.png and possibly transmitted via chat/message; 2) Run the script locally yourself rather than giving a remote agent permission to run it, if you prefer tighter control; 3) Share the resulting QR only with the intended device/user and consider deleting the PNG afterward; 4) If the token is sensitive, consider rotating/revoking it after pairing or using an ephemeral pairing token if available; 5) If you plan to let the agent send the PNG on your behalf, understand that message logs or the agent's channels could store the token — only proceed if you trust the destination.

Capability Analysis

Type: OpenClaw Skill Name: clawket Version: 1.0.1 The skill is classified as suspicious due to its direct handling and exposure of a sensitive authentication token. The `scripts/gateway-qr.sh` script explicitly reads the raw `gateway.auth.token` from `~/.openclaw/openclaw.json` using `python3 -c`. This token is then embedded into a QR code payload and saved as a PNG file (`~/.openclaw/media/clawket-qr.png`). The `SKILL.md` instructions then direct the AI agent to send this PNG file to the user. While the stated purpose is legitimate (mobile app pairing), the direct access and transmission of an unredacted authentication token represents a significant security risk, as it could be intercepted or misused if the user's environment or the agent's output channel is compromised. There is no evidence of intentional malicious exfiltration to an unauthorized third party, but the capability is high-risk.

Capability Assessment

✓ Purpose & Capability

Name/description state: generate QR for Clawket pairing. The script reads ~/.openclaw/openclaw.json to extract gateway auth token and port, detects LAN IP, and produces a PNG + ASCII QR. These actions are expected and proportionate to the stated purpose.

ℹ Instruction Scope

SKILL.md instructs running the provided script which explicitly reads the raw auth token from ~/.openclaw/openclaw.json (bypassing any redaction) and instructs the agent to send the generated PNG via the message tool. This is necessary for pairing but means a secret token will be written to disk, printed to stdout, and potentially transmitted — the instructions do not require or instruct redaction.

✓ Install Mechanism

No external install/unpack occurs; the skill is instruction-only plus a local script. It depends on qrencode (standard package) and provides sensible installation hints. No downloads from untrusted URLs or archive extraction are present.

ℹ Credentials

No environment variables or unrelated credentials are requested. The script reads a local config file to retrieve a gateway auth token — this is expected for the task but is sensitive. The token is embedded in the QR and printed unredacted.

✓ Persistence & Privilege

always:false and no modifications to other skills or system-wide settings. The script writes output to ~/.openclaw/media (a local app directory), which is appropriate for its purpose and does not request elevated privileges.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install clawket
After installation, invoke the skill by name or use /clawket
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.1

Add login/pairing keywords to description

v1.0.0

Initial release: QR code pairing for Clawket mobile app

Metadata

Slug clawket

Version 1.0.1

License —

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is Clawket?

Generate QR codes for Clawket mobile app to pair with the local OpenClaw Gateway. Use when user mentions: Clawket pairing, login Clawket, QR code, mobile app... It is an AI Agent Skill for Claude Code / OpenClaw, with 429 downloads so far.

How do I install Clawket?

Run "/install clawket" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Clawket free?

Yes, Clawket is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Clawket support?

Clawket is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Clawket?

It is built and maintained by Cavano (@p697); the current version is v1.0.1.

More Skills