letsping

### Install (runtime)

This registry entry is **instruction-only**. The `letsping_ask` **runtime** is provided by the npm package **`@letsping/openclaw-skill`**. Use one of:

- **npm:** `npm install @letsping/openclaw-skill` (then register the skill in your OpenClaw workspace so it loads `letsping_ask`).
- **Clone:** `git clone https://github.com/CordiaLabs/openclaw-skill ~/.openclaw/workspace/skills/letsping && cd ~/.openclaw/workspace/skills/letsping && npm install`.

Set **`LETSPING_API_KEY`** (your LetsPing agent key, e.g. `lp_live_...`) in the skill's env. Obtain it at https://letsping.co/openclaw/pair or via LetsPing's Agent Credentials API. Treat this key as **highly sensitive**; use a dedicated agent key and revoke if compromised.

### Usage

This skill provides the `letsping_ask` tool, a secure escalation point for high risk actions. The agent calls it, blocks until your approval/patch/reject via the LetsPing PWA, then resumes with the **authorized payload only**.

**Critical**: Use frontier models (e.g., Claude Opus, GPT-4o or better) to minimize prompt bypass risk. Smaller models are vulnerable to drift/injection.

**Copy-paste this into your workspace TOOLS.md or AGENTS.md** (or append to system prompt):

```text
You have full autonomous authority for **SAFE** actions only: reading files/logs, web searches, viewing/analyzing data without side effects.

You **MUST** call `letsping_ask` **BEFORE** any **HIGH-RISK** action—and **NEVER** execute the action directly. High-risk includes:
- Financial: Any spending, transactions, bookings > $10
- Destructive: Deleting/overwriting files, DB rows, configs
- Social: Posting publicly, sending DMs/emails to new contacts, or group chats
- Infrastructure: Modifying DNS, env vars, deployments, infra APIs, or permissions

When escalating:
- Provide tool_name (exact tool, e.g., "system_run")
- args_json: Stringified JSON of the original arguments
- risk_reason: Clear, concise justification (e....

# LetsPing OpenClaw Adapter

OpenClaw skill that sends high risk tool calls through LetsPing for human approval.

This package provides a `letsping_ask(tool_name, args_json, risk_reason)` skill for OpenClaw agents. It routes high risk actions through LetsPing so a human can approve, reject, or patch the payload before the agent proceeds.

The skill authenticates to LetsPing with a single agent key; the LetsPing service handles storage and delivery of approval requests.

## Installation

**Option A — npm (recommended):**

```bash
npm install @letsping/openclaw-skill
```

Then register the skill in your OpenClaw workspace so the gateway loads the `letsping_ask` tool.

**Option B — clone into workspace:**

```bash
git clone https://github.com/CordiaLabs/openclaw-skill ~/.openclaw/workspace/skills/letsping
cd ~/.openclaw/workspace/skills/letsping
npm install
```

Restart the OpenClaw gateway.

## Configuration

Add to `~/.openclaw/openclaw.json`:

```json
{
  "skills": {
    "entries": {
      "letsping": {
        "env": {
          "LETSPING_API_KEY": "lp_live_..."
        }
      }
    }
  }
}
```

- **`LETSPING_API_KEY`** (required): Your LetsPing agent key. Obtain it at https://letsping.co/openclaw/pair or via LetsPing’s Agent Credentials API.
- Treat this key as **highly sensitive**. Use a dedicated agent key and revoke it if compromised.

## Usage

Add the following to your agent's system prompt or `AGENTS.md`:

```
You have full authority for safe actions: reading files, logs, web searches, data analysis without side effects.

You MUST call letsping_ask BEFORE any high-risk action. NEVER execute high-risk actions directly.

High-risk includes:
- Financial: Spending money, bookings, transactions > $10
- Destructive: Delete/overwrite files, DB rows, configs
- Social: Posting, sending DMs/emails to new/public contacts
- Infrastructure: Modifying DNS, env vars, deployments, infra APIs

Provide:
- tool_...