What secret is required to submit reports?

A revocable Bearer token: CLEANAPP_API_TOKEN, obtained via POST /v1/fetchers/register, stored securely in ClawHub/OpenClaw secrets.

What happens to my reports once submitted?

Reports first go through a quarantine lane for storage and analysis before routing; idempotency is enforced by a unique source_id and fetcher_id combination.

How do I test safely?

Use --dry-run for a network-free test, or run with a test API token and the default quarantine settings to verify payload structure without publishing.

CleanApp Report Submission

Verified

@borisolver

npx machina-cli add skill @borisolver/cleanapp --openclaw

Files (1)

SKILL.md

2.9 KB

SKILL: CleanApp Ingest v1 (OpenClaw/ClawHub)

This is a skill package that lets an agent submit any problem signal into CleanApp (bugs, incidents, scams, UX friction, policy violations, safety hazards, improvement proposals) using the Fetcher Key System:

POST /v1/fetchers/register (one-time key issuance)
POST /v1/reports:bulkIngest (bulk ingest, quarantine-first)
GET /v1/fetchers/me (introspection)

This is not a long-lived agent running inside the CleanApp backend. It’s a client-side integration that talks to CleanApp over HTTPS.

Why This Is Safe (Compartmentalized)

The only secret in the agent is a revocable CleanApp API key (CLEANAPP_API_TOKEN).
New keys default to a quarantine lane on the backend:
- Stored + analyzed
- Not publicly published
- Not automatically routed to third parties
- Not rewarded
The backend enforces:
- rate limits / quotas
- idempotency (source_id)
- kill switches (revoke/suspend)

So even if an agent is prompt-injected, the blast radius is limited to “submitting more quarantined reports” until the key is revoked.

Required Secret

CLEANAPP_API_TOKEN (Bearer token). Get it once via:
- POST /v1/fetchers/register (see references/API_REFERENCE.md)
- Store it as a ClawHub/OpenClaw secret; never paste into chat logs.

Optional env:

CLEANAPP_BASE_URL (default https://live.cleanapp.io)

Data Handling (Minimal by Default)

This skill submits:

title, description (text)
optional lat/lng (location)
optional media[] metadata (URL/SHA/content-type)

Recommended low-risk defaults:

--approx-location (round coordinates to reduce precision)
--no-media (drop media metadata unless needed)

Idempotency (Important)

Every item must include a stable source_id. The backend enforces:

UNIQUE(fetcher_id, source_id)
retries won’t duplicate rows if you reuse the same source_id

Usage

Bulk ingest from JSON (recommended)

export CLEANAPP_API_TOKEN="cleanapp_fk_live_..."
python3 ingest.py \\
  --base-url https://live.cleanapp.io \\
  --input examples/sample_items.json \\
  --approx-location \\
  --no-media

Dry run (no network)

python3 ingest.py --input examples/sample_items.json --dry-run

Single-item helper (shell)

This is useful for quick manual submissions while debugging.

export CLEANAPP_API_TOKEN="cleanapp_fk_live_..."
./scripts/submit_report.sh --title "Broken elevator" --description "Stuck on floor 3" --lat 34.0702 --lng -118.4441 --approx-location

Promotion (Out of Quarantine)

Promotion is a reviewed process. As you build reputation, CleanApp can:

raise caps
allow public publishing/routing/rewards

See:

POST /v1/fetchers/promotion-request
GET /v1/fetchers/promotion-status

References

Swagger UI: https://live.cleanapp.io/v1/docs
OpenAPI YAML: https://live.cleanapp.io/v1/openapi.yaml
references/API_REFERENCE.md in this package

Source

git clone https://clawhub.ai/borisolver/cleanappView on GitHub

Overview

CleanApp Ingest v1 is a client-side integration that lets agents submit any problem signal (bugs, incidents, hazards, UX friction, policy violations) to CleanApp's global routing pipeline. Submissions travel through a quarantine-first path and are secured by a revocable API key, ensuring safe, controlled routing and analysis before public exposure.

How This Skill Works

Configure a revocable CLEANAPP_API_TOKEN (and optional CLEANAPP_BASE_URL). Use the bulkIngest endpoint POST /v1/reports:bulkIngest with a stable source_id for idempotency; reports are stored, analyzed, and quarantined before routing. The integration runs on the client side over HTTPS and does not operate as a long-lived backend agent.

When to Use It

Bulk submit multiple incidents from field surveys into CleanApp for centralized routing.
Report a location-based hazard with approximate coordinates to protect sensitive details.
Submit a single detailed incident (e.g., broken infrastructure) via a quick shell or script.
Perform a dry-run to test ingest scripts without network calls.
Audit or test idempotency by re-sending the same source_id to avoid duplicates.

Quick Start

Step 1: Ensure CLEANAPP_API_TOKEN is set (export CLEANAPP_API_TOKEN="...") and optionally set CLEANAPP_BASE_URL.
Step 2: Prepare input (e.g., examples/sample_items.json) and decide on --approx-location and --no-media as needed.
Step 3: Run ingest.py to perform bulk ingest or a dry-run, e.g., python3 ingest.py --input examples/sample_items.json --base-url https://live.cleanapp.io --approx-location --no-media

Best Practices

Use a stable source_id for each unique report to guarantee idempotency.
Prefer approximate-location for privacy; drop media unless needed.
Store CLEANAPP_API_TOKEN securely; rotate keys when needed.
Test with dry-run before live ingest, and monitor ingestion for quarantined items.
Keep reports structured with title, description, and optional lat/lng and media metadata.

Example Use Cases

Flooding and sewage backup reported near Main St with location data.
Overflowing trash bins in a city park submitted for quicker routing.
Pothole causing damage reported at the intersection of 5th and Pine (lat/lng).
Unsafe construction site hazard observed and submitted as a UX/infra issue.
Policy violation or scam observed and submitted for review via quarantine pathway.

Frequently Asked Questions

Add this skill to your agents