← Back to Skills Marketplace
Creative Agents
by
austindixson
· GitHub ↗
· v1.0.0
410
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install creative-agents
Description
Integration scripts for the creative agent swarm managed by overstory (Claude Code). Use when configuring or running researcher, social media, blog, or scrib...
README (SKILL.md)
Creative Agents Skill
Integration scripts for the creative agent swarm managed by overstory (Claude Code). Provides the automation layer that agent definitions in agents/ rely on.
Overview
These scripts power four creative agents:
- Researcher — topic research via last30days skill
- Social Media Manager — posting, monitoring, engagement via Playwright + OAuth
- Blogger — content pipeline: research → outline → draft → humanize → publish
- Scribe — log analysis, pattern detection, memory curation
Scripts
| Script | Class | Purpose |
|---|---|---|
researcher_integration.py |
ResearcherIntegration |
Discovers and invokes the last30days skill, parses results into structured reports |
oauth_handler.py |
OAuthHandler |
Manages OAuth tokens for social platforms (Twitter, LinkedIn, etc.) |
social_playwright.py |
SocialPlaywright |
Browser automation for social media actions via Playwright |
humanizer_integration.py |
HumanizerIntegration |
Discovers and invokes the humanizer skill for natural-sounding content |
log_analyzer.py |
LogAnalyzer |
Multi-source log scanning (Cursor, nanobot, Claude, shell) |
memory_curator.py |
MemoryCurator |
Extracts insights from daily notes and commits to MEMORY.md |
scribe_integration.py |
ScribeIntegration |
Orchestrates the full scribe pipeline with memory commits |
Usage
All scripts are importable as Python modules and executable as CLI tools:
# Research
python3 scripts/researcher_integration.py --topic "AI agents" --days 30 --json
# OAuth status
python3 scripts/oauth_handler.py status --platform twitter --json
# Social posting
python3 scripts/social_playwright.py post --platform twitter --content "Hello world" --json
# Humanize content
python3 scripts/humanizer_integration.py --content "Technical text" --style casual --json
# Log analysis
python3 scripts/log_analyzer.py --hours 24 --sources cursor,nanobot,claude --json
# Memory curation
python3 scripts/memory_curator.py curate --days 7 --json
# Scribe pipeline
python3 scripts/scribe_integration.py --mode daily --commit-memory --json
Architecture
nanobot routes tasks → overstory spawns agents → agents invoke these scripts.
Agent definitions live in /Users/ghost/.openclaw/workspace/agents/. Scripts live here. Overstory handles all agent lifecycle (spawn, monitor, collect results).
Requirements
- Python 3.9+
- Playwright (for social_playwright.py)
- Optional: system keyring (for encrypted OAuth token storage)
Usage Guidance
Before installing or enabling this skill:
- Understand it reads many personal files (shell history, local logs, Claude transcripts, and journal/daily notes) and will write to a MEMORY.md and ~/.nanobot/oauth_tokens.json — review those paths and confirm you are comfortable with that access.
- The skill expects OAuth client IDs/secrets via environment variables (e.g., TWITTER_CLIENT_ID/TWITTER_CLIENT_SECRET) but the metadata doesn't declare them — only set these in a safe environment if you intend to use social features.
- OAuth tokens are stored in the system keyring if available, otherwise stored as plaintext (permission 600) in ~/.nanobot/oauth_tokens.json — install a keyring backend or avoid using the OAuth features if you cannot accept plaintext storage.
- The scripts discover and execute other local skills via subprocess.run; review any discovered skill entry points on disk to ensure you trust them.
- If you have sensitive data on the machine, consider running this skill in an isolated environment or container, inspect the code yourself, and avoid granting it autonomous or always-on capabilities.
- If you want to proceed, at minimum: (1) inspect oauth_handler.py and the storage location, (2) enable a system keyring, (3) review and restrict which directories the skill can access, and (4) set required CLIENT_ID/CLIENT_SECRET env vars only when needed.
Capability Analysis
Type: OpenClaw Skill
Name: creative-agents
Version: 1.0.0
The skill bundle is classified as suspicious due to several high-risk patterns and vulnerabilities. The `scripts/social_playwright.py` file dynamically constructs and executes Python code via `python3 -c`, which, despite using `json.dumps` for input, is an inherently risky pattern that could lead to code injection if exploited. Additionally, `scripts/humanizer_integration.py`, `scripts/researcher_integration.py`, and `scripts/scribe_integration.py` invoke external Python skills via `subprocess.run`. While arguments are passed as lists (mitigating direct shell injection from this script), this creates a potential RCE chain if the invoked skills are vulnerable to argument injection or if skill discovery paths are compromised. Finally, `scripts/oauth_handler.py` stores sensitive OAuth tokens in plaintext if the `keyring` module is unavailable, posing a significant data-at-rest vulnerability. There is no clear evidence of intentional malicious behavior, but these vulnerabilities elevate the risk beyond benign.
Capability Assessment
Purpose & Capability
The included Python modules (researcher, oauth, playwright integration, humanizer, log analyzer, memory curator, scribe orchestrator) align with the declared purpose of managing creative agents. However, the skill's registry metadata declares no required environment variables or credentials even though oauth_handler expects platform-specific CLIENT_ID/CLIENT_SECRET environment variables and the integration code expects other skill paths (HUMANIZER_SKILL_PATH, LAST30DAYS_SKILL_PATH). This omission is an incoherence between claimed requirements and actual capabilities.
Instruction Scope
SKILL.md and the scripts instruct the agent to read many user-local paths: shell history (~/.zsh_history, ~/.bash_history), ~/.openclaw logs, ~/.claude transcripts, Cursor logs, and user workspace files (e.g., /Users/ghost/.openclaw/workspace/MEMORY.md). The oauth handler stores and reads tokens under ~/.nanobot and may call external OAuth endpoints. The skill also discovers and runs other local skill entry points via subprocess.run — which means it can execute arbitrary code found on disk. These behaviors go beyond a simple 'integration helper' and involve reading and writing sensitive local data.
Install Mechanism
There is no install spec (instruction-only), which reduces supply-chain installation risk. However, the package includes multiple executable Python scripts bundled with the skill — invoking the skill will execute that code on the host. No external downloads are performed by the skill itself (network is used for OAuth token exchanges), but because the scripts invoke other local skills via subprocess, they may execute third-party code present on disk.
Credentials
The skill metadata declares no required environment variables or primary credential, yet oauth_handler reads/depends on per-platform environment variables (e.g., TWITTER_CLIENT_ID, TWITTER_CLIENT_SECRET) to complete OAuth flows; other modules also check HUMANIZER_SKILL_PATH and LAST30DAYS_SKILL_PATH environment variables. The OAuth component persists tokens to ~/.nanobot/oauth_tokens.json and will store them as plaintext if the system keyring is unavailable — a significant credential-handling risk that is not reflected in the declared requirements.
Persistence & Privilege
The skill does not request 'always' or any elevated platform privilege. It does, however, write to user files: it will create ~/.nanobot for tokens, append to a MEMORY.md at a hard-coded path under the user's workspace, and can generate cron entry text for the user. It does not automatically install cron jobs, but it will persist tokens and memory entries when invoked.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install creative-agents - After installation, invoke the skill by name or use
/creative-agents - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of creative-agents, providing automation scripts for agent workflows:
- Integrates researcher, social media manager, blogger, and scribe agents managed by overstory (Claude Code).
- Provides Python modules/CLI tools for research, OAuth/social media automation, content humanization, log analysis, and memory curation.
- Implements orchestration and integration layers for agent tasks, including Playwright-based browser automation.
- Designed for direct import or command-line use in multi-agent creative workflows.
Metadata
Frequently Asked Questions
What is Creative Agents?
Integration scripts for the creative agent swarm managed by overstory (Claude Code). Use when configuring or running researcher, social media, blog, or scrib... It is an AI Agent Skill for Claude Code / OpenClaw, with 410 downloads so far.
How do I install Creative Agents?
Run "/install creative-agents" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Creative Agents free?
Yes, Creative Agents is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Creative Agents support?
Creative Agents is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Creative Agents?
It is built and maintained by austindixson (@austindixson); the current version is v1.0.0.
More Skills