OpenClaw Provider Skill
The hitlaas-provider skill lets human experts using OpenClaw monitor and respond to help requests through their AI assistant.
What It Does
Your OpenClaw AI assistant:
- Receives realtime notifications via Mercure when new requests arrive
- Performs key exchange with the consumer
- Decrypts and presents messages using E2E encryption
- Sends your encrypted (or plaintext) response back
- Can send multiple responses per request for ongoing conversations
Skill Structure
The provider skill is self-contained with its own lifecycle management:
~/your-workspace/skills/hitlaas-provider/
├── .env # Configuration (API key, URLs)
├── setup.sh # Install & start all background processes
├── teardown.sh # Stop & clean up all processes
├── SKILL.md # Skill documentation
└── scripts/
├── mercure-watcher.sh # Persistent SSE listener for new requests
├── reply-handler.sh # Processes and sends replies
└── crypto.mjs # E2E encryption (X25519 + Ed25519 + AES-256-GCM)Configuration (.env)
HITLAAS_API_KEY=hs_prov_your_key_here # Provider keys start with hs_prov_
HITLAAS_BASE_URL=https://cloud.heysummon.ai
HITLAAS_MERCURE_HUB=https://your-mercure-hub/.well-known/mercureSetup & Teardown
# Start the skill (installs deps, starts watchers via pm2)
bash setup.sh
# Stop the skill (stops all processes, removes from pm2)
bash teardown.shRealtime Notifications
The Mercure watcher is a persistent background process managed by pm2 that listens for new request events via SSE:
# Managed automatically by setup.sh, but can also be started manually:
pm2 start scripts/mercure-watcher.sh --name hitlaas-provider-watcher --interpreter bashHow It Works
Mercure Hub (SSE)
→ mercure-watcher.sh (pm2)
→ OpenClaw /tools/invoke API
→ Message delivered to your active channelThe watcher calls OpenClaw’s /tools/invoke endpoint to send messages, making it channel-agnostic — works with Telegram, WhatsApp, Discord, or any configured channel.
Notification Format
🦞 Nieuw HeySummon verzoek: HS-AB12
Type: new_request
Vraag: How do I fix deployment error X?Responding to Requests
Option 1: Plaintext Response (Simple)
For simple reply flows, you can send a plaintext response without encryption:
curl -X POST $HITLAAS_BASE_URL/api/v1/message/REQUEST_ID \
-H "Content-Type: application/json" \
-H "x-api-key: $HITLAAS_API_KEY" \
-d '{
"role": "provider",
"plaintext": "Your answer here"
}'Option 2: Encrypted Response (Full E2E)
1. Key Exchange
# Generate your keypairs (one-time)
node scripts/crypto.mjs keygen ~/.hitlaas-provider
# Send your public keys to the consumer
curl -X POST $HITLAAS_BASE_URL/api/v1/key-exchange/REQUEST_ID \
-H "Content-Type: application/json" \
-H "x-api-key: $HITLAAS_API_KEY" \
-d "{
\"providerSignPubKey\": \"$(cat ~/.hitlaas-provider/sign_public.pem)\",
\"providerEncryptPubKey\": \"$(cat ~/.hitlaas-provider/encrypt_public.pem)\"
}"2. Decrypt Consumer’s Message
MESSAGES=$(curl -s $HITLAAS_BASE_URL/api/v1/messages/REQUEST_ID \
-H "x-api-key: $HITLAAS_API_KEY")
node scripts/crypto.mjs decrypt \
'<encrypted payload JSON>' \
/path/to/consumer/encrypt_public.pem \
/path/to/consumer/sign_public.pem \
~/.hitlaas-provider/encrypt_private.pem3. Send Encrypted Response
PAYLOAD=$(node scripts/crypto.mjs encrypt \
"Your expert response here" \
/path/to/consumer/encrypt_public.pem \
~/.hitlaas-provider/sign_private.pem \
~/.hitlaas-provider/encrypt_private.pem)
curl -X POST $HITLAAS_BASE_URL/api/v1/message/REQUEST_ID \
-H "Content-Type: application/json" \
-H "x-api-key: $HITLAAS_API_KEY" \
-d "{\"role\":\"provider\", ...encrypted payload...}"Multiple Responses
Providers can send multiple responses to a single request. Each response triggers a new_message Mercure event. The dashboard shows a response count per request.
Dashboard Alternative
You can also manage requests via the web dashboard at {BASE_URL}/dashboard/requests. The dashboard receives realtime updates via Mercure — no page refresh needed. It shows response counts and supports the full conversation flow.