tanmay/Regolith
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improve setup UX with AskUserQuestion tool and security education (#60)

Browse Source 
- Add UX note instructing Claude to use AskUserQuestion tool for better
  interactive experience during setup
- Add new Section 7 explaining the main channel's elevated privileges
  (admin control portal) before registration
- Include interactive security acknowledgment with follow-up for users
  choosing shared groups
- Renumber subsequent sections (7→8, 8→9, 9→10)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Tom Granot
2026-02-03 16:04:45 +01:00
committed by GitHub
parent 80e68dc00d
commit 1a32bff6ec
1 changed files with 44 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
.claude/skills/setup/SKILL.md
View File

@@ -7,6 +7,8 @@ description: Run initial NanoClaw setup. Use when user wants to install dependen
Run all commands automatically. Only pause when user action is required (scanning QR codes). Run all commands automatically. Only pause when user action is required (scanning QR codes).
**UX Note:** When asking the user questions, prefer using the `AskUserQuestion` tool instead of just outputting text. This integrates with Claude's built-in question/answer system for a better experience.
## 1. Install Dependencies ## 1. Install Dependencies
```bash ```bash
@@ -171,7 +173,43 @@ If they choose something other than `Andy`, update it in these places:
Store their choice - you'll use it when creating the registered_groups.json and when telling them how to test. Store their choice - you'll use it when creating the registered_groups.json and when telling them how to test.
## 7. Register Main Channel ## 7. Understand the Security Model
Before registering your main channel, you need to understand an important security concept.
**Use the AskUserQuestion tool** to present this:
> **Important: Your "main" channel is your admin control portal.**
>
> The main channel has elevated privileges:
> - Can see messages from ALL other registered groups
> - Can manage and delete tasks across all groups
> - Can write to global memory that all groups can read
> - Has read-write access to the entire NanoClaw project
>
> **Recommendation:** Use your personal "Message Yourself" chat or a solo WhatsApp group as your main channel. This ensures only you have admin control.
>
> **Question:** Which setup will you use for your main channel?
>
> Options:
> 1. Personal chat (Message Yourself) - Recommended
> 2. Solo WhatsApp group (just me)
> 3. Group with other people (I understand the security implications)
If they choose option 3, ask a follow-up:
> You've chosen a group with other people. This means everyone in that group will have admin privileges over NanoClaw.
>
> Are you sure you want to proceed? The other members will be able to:
> - Read messages from your other registered chats
> - Schedule and manage tasks
> - Access any directories you've mounted
>
> Options:
> 1. Yes, I understand and want to proceed
> 2. No, let me use a personal chat or solo group instead
## 8. Register Main Channel
Ask the user: Ask the user:
> Do you want to use your **personal chat** (message yourself) or a **WhatsApp group** as your main control channel? > Do you want to use your **personal chat** (message yourself) or a **WhatsApp group** as your main control channel?
@@ -215,7 +253,7 @@ Ensure the groups folder exists:
mkdir -p groups/main/logs mkdir -p groups/main/logs
``` ```
## 8. Configure External Directory Access (Mount Allowlist) ## 9. Configure External Directory Access (Mount Allowlist)
Ask the user: Ask the user:
> Do you want the agent to be able to access any directories **outside** the NanoClaw project? > Do you want the agent to be able to access any directories **outside** the NanoClaw project?
@@ -242,7 +280,7 @@ Skip to the next step.
If **yes**, ask follow-up questions: If **yes**, ask follow-up questions:
### 8a. Collect Directory Paths ### 9a. Collect Directory Paths
Ask the user: Ask the user:
> Which directories do you want to allow access to? > Which directories do you want to allow access to?
@@ -259,14 +297,14 @@ For each directory they provide, ask:
> Read-write is needed for: code changes, creating files, git commits > Read-write is needed for: code changes, creating files, git commits
> Read-only is safer for: reference docs, config examples, templates > Read-only is safer for: reference docs, config examples, templates
### 8b. Configure Non-Main Group Access ### 9b. Configure Non-Main Group Access
Ask the user: Ask the user:
> Should **non-main groups** (other WhatsApp chats you add later) be restricted to **read-only** access even if read-write is allowed for the directory? > Should **non-main groups** (other WhatsApp chats you add later) be restricted to **read-only** access even if read-write is allowed for the directory?
> >
> Recommended: **Yes** - this prevents other groups from modifying files even if you grant them access to a directory. > Recommended: **Yes** - this prevents other groups from modifying files even if you grant them access to a directory.
### 8c. Create the Allowlist ### 9c. Create the Allowlist
Create the allowlist file based on their answers: Create the allowlist file based on their answers:
@@ -322,7 +360,7 @@ Tell the user:
> } > }
> ``` > ```
## 9. Configure launchd Service ## 10. Configure launchd Service
Generate the plist file with correct paths automatically: Generate the plist file with correct paths automatically: