glove
Provides a comprehensive guide for developing AI applications using the Glove framework, including setup and core concepts.
Install this skill
Security score
The glove skill was audited on May 27, 2026 and we found 48 security issues across 4 threat categories, including 1 critical. Review the findings below before installing.
Categories Tested
Security Issues
Direct command execution function call
| 2334 | 67. **Continuum runner spawn env-blocklist**: `NODE_OPTIONS`, `LD_PRELOAD`, `LD_LIBRARY_PATH`, and `DYLD_INSERT_LIBRARIES` are stripped from BOTH the parent env forwarded to subprocesses AND any `.env |
Template literal with variable interpolation in command context
| 122 | data: `User selected: ${selected}`, // sent to AI |
Template literal with variable interpolation in command context
| 308 | const res = await fetch(`https://wttr.in/${input.city}?format=j1`); |
Template literal with variable interpolation in command context
| 325 | input: { message: `Delete ${input.file}?` }, |
Template literal with variable interpolation in command context
| 343 | if (event_type === "tool_use") console.log(`\n[tool] ${(data as any).name}`); |
Template literal with variable interpolation in command context
| 454 | getInboxItems: (sid) => fetch(`/api/sessions/${sid}/inbox`).then(r => r.json()), |
Template literal with variable interpolation in command context
| 455 | addInboxItem: (sid, item) => fetch(`/api/sessions/${sid}/inbox`, { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ item }) }), |
Template literal with variable interpolation in command context
| 456 | updateInboxItem: (sid, itemId, updates) => fetch(`/api/sessions/${sid}/inbox/update`, { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ itemId, updates }) }), |
Template literal with variable interpolation in command context
| 457 | getResolvedInboxItems: (sid) => fetch(`/api/sessions/${sid}/inbox/resolved`).then(r => r.json()), |
Template literal with variable interpolation in command context
| 490 | `Be terse. (source=${source}, hint=${args ?? "none"})`, |
Template literal with variable interpolation in command context
| 497 | ?? new MemoryStore(`weather_${Date.now()}`); |
Template literal with variable interpolation in command context
| 598 | return `Switch into research mode. Focus: ${args ?? "general"}.`; |
Template literal with variable interpolation in command context
| 602 | return `Switch into research mode. User said: ${parsedText}`; |
Template literal with variable interpolation in command context
| 668 | ?? new MemoryStore(`researcher_${Date.now()}`); |
Template literal with variable interpolation in command context
| 832 | - **Name**: `${entry.id}__${tool.name}` (e.g. `notion__search`). The `__` separator (exported as `MCP_NAMESPACE_SEP`) is regex-safe across all model providers. |
Template literal with variable interpolation in command context
| 1357 | .store((name) => new MyPersistentStore(`./agents/${name}.db`)) |
Template literal with variable interpolation in command context
| 1433 | .store((name) => new MyInboxCapableStore(`./agents/${name}.db`)) |
Template literal with variable interpolation in command context
| 1902 | const range = from != null || to != null ? ` lines ${from ?? 1}-${to ?? "EOF"}` : ""; |
Template literal with variable interpolation in command context
| 1903 | return `Read ${path}${range} (${lineCount} lines).`; |
Template literal with variable interpolation in command context
| 2293 | 30. **MCP tool names use `__`**: Bridged MCP tool names are `${entry.id}__${tool.name}` — the `__` separator (`MCP_NAMESPACE_SEP`) is regex-safe across all model providers. A Notion `search` tool surf |
Template literal with variable interpolation in command context
| 2318 | 51. **Permissions are keyed on (tool, input), not just tool**: `Executor.checkPermission` calls `store.getPermission(name, input)` with the model-supplied input on every gated call. The default `Memor |
Fetch to external URL
| 156 | // getSessionId: () => fetch("/api/session").then(r => r.json()).then(d => d.id), |
Webhook reference - potential data exfiltration
| 395 | // From a background job, webhook handler, or cron: |
Webhook reference - potential data exfiltration
| 1311 | - `glove_post_to_inbox` — "I will resolve this myself later from outside the conversation" (external service, webhook, cron). |
Webhook reference - potential data exfiltration
| 1337 | - Firing agent work from an HTTP handler / cron / webhook and picking it up async — like a background job, but the job is a full Glove agent. |
Webhook reference - potential data exfiltration
| 1444 | `mountMesh` requires the store to implement inbox methods (`getInboxItems` / `addInboxItem` / `updateInboxItem` / `getResolvedInboxItems`). Glove's default `MemoryStore` implements them; custom stores |
Webhook reference - potential data exfiltration
| 2326 | 59. **`InMemoryMeshAdapter` is process-local**: Construct ONE `MeshNetwork` per process and share it across every `InMemoryMeshAdapter`. For cross-process or distributed messaging, implement `MeshAdap |
Access to .env file
| 93 | Set `ANTHROPIC_API_KEY` (or `OPENAI_API_KEY`, etc.) in `.env.local`. |
Access to .env file
| 1356 | .env({ OVEN: "hot" }) |
Access to .env file
| 1470 | - `NODE_OPTIONS`, `LD_PRELOAD`, `LD_LIBRARY_PATH`, and `DYLD_INSERT_LIBRARIES` are stripped from the parent env before forwarding, and an agent's `.env({...})` cannot override them. |
Access to .env file
| 1588 | .env.example # Generated from `env` config — required vars first |
Access to .env file
| 1646 | const s3 = new S3Client({ region: process.env.AWS_REGION }) |
Access to .env file
| 1650 | bucket: process.env.OUTPUTS_BUCKET!, |
Access to .env file
| 1651 | region: process.env.AWS_REGION, |
Access to .env file
| 1667 | rule.s3({ bucket: process.env.OUTPUTS_BUCKET! }), |
Access to .env file
| 1679 | - **Docker** — `docker build -t my-app dist/` then run with `-p 8080:8080 -e GLOVEBOX_KEY=$(cat dist/glovebox.key) -e GLOVEBOX_PUBLIC_URL=https://my-app.example.com my-app`. Set any required env vars |
Access to .env file
| 1691 | pdf: { url: "wss://pdf.example.com/", key: process.env.GLOVEBOX_PDF_KEY! }, |
Access to .env file
| 2089 | Set `ELEVENLABS_API_KEY` in `.env.local`. |
Access to .env file
| 2334 | 67. **Continuum runner spawn env-blocklist**: `NODE_OPTIONS`, `LD_PRELOAD`, `LD_LIBRARY_PATH`, and `DYLD_INSERT_LIBRARIES` are stripped from BOTH the parent env forwarded to subprocesses AND any `.env |
External URL reference
| 15 | **Docs site**: https://glove.dterminal.net |
External URL reference
| 308 | const res = await fetch(`https://wttr.in/${input.city}?format=j1`); |
External URL reference
| 866 | url: "https://mcp.notion.com/mcp", |
External URL reference
| 886 | - **`runMcpOAuth(opts)`** — one call, end-to-end flow. Spins up a local listener on `http://localhost:53683/callback` (configurable), drives the SDK through DCR (or skips it via `preRegisteredClient`) |
External URL reference
| 1089 | Episodic and resources use the same lifecycle. Writes mark records `embeddingStatus: "missing"` (initial) or `"stale"` (content change) and return immediately. A separate process — typically a [Statio |
External URL reference
| 1144 | - Triggering, scheduling, or pipeline orchestration ([Station](https://station.dterminal.net)'s territory). |
External URL reference
| 1679 | - **Docker** — `docker build -t my-app dist/` then run with `-p 8080:8080 -e GLOVEBOX_KEY=$(cat dist/glovebox.key) -e GLOVEBOX_PUBLIC_URL=https://my-app.example.com my-app`. Set any required env vars |
External URL reference
| 1682 | `GLOVEBOX_PORT` defaults to 8080; the Dockerfile `EXPOSE`s and `ENV`s it. `GLOVEBOX_PUBLIC_URL` defaults to `http://localhost:<port>` — fine for local, broken for any client outside the container. |
External URL reference
| 2045 | Available at https://glove.dterminal.net/tools — copy-paste into your project: |