← Back to Skills Marketplace
owen-ai-01

add-agent

by owen · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
483
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install add-agent
Description
Add a new OpenClaw Agent, automatically configure openclaw.json, create workspace, copy auth and skills.
README (SKILL.md)

\r \r

add-agent\r

\r Quickly add a new isolated Agent with a dedicated Telegram Bot.\r \r

Trigger\r

\r User says something like:\r

"Add a new agent, ID is marketing, name is Marketing Assistant, telegram Bot Token is xxx, allowFrom is 123456789, responsible for content marketing and social media"\r \r

Steps\r

\r Once a new agent request is received, execute in the following order:\r \r

1. Extract Parameters\r

\r Extract the following fields from user input:\r

  • AGENT_ID: English ID (e.g. marketing)\r
  • AGENT_NAME: Agent name (e.g. Marketing Assistant, Alice, WorkBot, etc.)\r
  • BOT_TOKEN: Telegram Bot Token\r
  • ALLOW_FROM: allowFrom numeric ID (e.g. 123456789)\r
  • DESCRIPTION: Role description (e.g. responsible for content marketing and social media)\r \r If any field is missing, ask the user to provide it before continuing.\r \r

2. Detect Installation Directory\r

\r Read the current openclaw.json path, extract the actual paths from the existing main agent in agents.list to derive:\r

  • STATE_DIR: e.g. /home/openclaw/.openclaw\r
  • MAIN_WORKSPACE: main agent workspace path\r
  • MAIN_AGENT_DIR: main agent agentDir path\r
  • NEW_WORKSPACE: ${STATE_DIR}/workspace-${AGENT_ID}\r
  • NEW_AGENT_DIR: ${STATE_DIR}/agents/${AGENT_ID}/agent\r \r

3. Backup Config File\r

cp ${CONFIG_PATH} ${CONFIG_PATH}.bak.$(date +%Y%m%d%H%M%S)\r
```\r
\r
### 4. Run openclaw agents add\r
```bash\r
openclaw agents add ${AGENT_ID}\r
```\r
\r
This automatically initializes the workspace directory structure, agentDir, and default files like SOUL.md and AGENTS.md.\r
\r
### 5. Copy Auth, Skills and USER.md\r
```bash\r
# Copy auth profiles\r
cp ${MAIN_AGENT_DIR}/auth-profiles.json \\r
   ${NEW_AGENT_DIR}/auth-profiles.json\r
\r
# Copy skills\r
cp -r ${MAIN_WORKSPACE}/skills/ \\r
      ${NEW_WORKSPACE}/skills/\r
\r
# Copy USER.md\r
cp ${MAIN_WORKSPACE}/USER.md \\r
   ${NEW_WORKSPACE}/USER.md\r
```\r
\r
### 6. Generate Persona Files\r
\r
Overwrite `${NEW_WORKSPACE}/SOUL.md`:\r
```markdown\r
# ${AGENT_NAME}\r
\r
## Identity\r
You are ${AGENT_NAME}, ${DESCRIPTION}.\r
Your partner is the main agent. You collaborate together to complete tasks.\r
\r
## Core Responsibilities\r
${DESCRIPTION}\r
\r
## Personality\r
- Action-oriented: Break down tasks immediately and provide clear execution steps\r
- Proactive reporting: Report results to main after completing tasks\r
- Professional: Maintain high standards for all outputs\r
\r
## Rules\r
- Do not execute high-risk operations without confirmation\r
- Always notify the user before executing operations that require manual approval\r
```\r
\r
Overwrite `${NEW_WORKSPACE}/AGENTS.md`:\r
```markdown\r
# ${AGENT_NAME} Agent Configuration\r
\r
## Other Agents in the System\r
\r
- **main**: Primary agent, responsible for daily conversation, task coordination and decisions\r
- **${AGENT_ID} (yourself)**: ${DESCRIPTION}\r
\r
## Collaboration Rules\r
\r
### Receiving Tasks from main\r
1. Confirm task goal and priority\r
2. Break down execution steps\r
3. Execute and record results\r
4. Report results back to main upon completion\r
\r
### When to Proactively Contact main\r
- Operations that require final user confirmation\r
- Result reporting after task completion\r
- Escalating anomalies or unexpected situations\r
```\r
\r
### 7. Update openclaw.json\r
\r
Read the current config and append the following:\r
\r
**Add to agents.list:**\r
```json\r
{\r
  "id": "${AGENT_ID}",\r
  "name": "${AGENT_NAME}",\r
  "workspace": "${NEW_WORKSPACE}",\r
  "agentDir": "${NEW_AGENT_DIR}"\r
}\r
```\r
\r
**Add to bindings:**\r
```json\r
{\r
  "agentId": "${AGENT_ID}",\r
  "match": {\r
    "channel": "telegram",\r
    "accountId": "${AGENT_ID}"\r
  }\r
}\r
```\r
\r
**Add to channels.telegram.accounts:**\r
```json\r
"${AGENT_ID}": {\r
  "enabled": true,\r
  "botToken": "${BOT_TOKEN}",\r
  "dmPolicy": "pairing",\r
  "allowFrom": ["${ALLOW_FROM}"],\r
  "groupPolicy": "allowlist",\r
  "streaming": "off"\r
}\r
```\r
\r
**Handle tools config (check before writing):**\r
\r
Check whether the `tools` field exists:\r
\r
- If `tools` does not exist, add the full block:\r
```json\r
"tools": {\r
  "agentToAgent": {\r
    "enabled": true,\r
    "allow": ["main", "${AGENT_ID}"]\r
  },\r
  "sessions": {\r
    "visibility": "all"\r
  }\r
}\r
```\r
\r
- If `tools` exists but has no `agentToAgent`, add it:\r
```json\r
"agentToAgent": {\r
  "enabled": true,\r
  "allow": ["main", "${AGENT_ID}"]\r
}\r
```\r
\r
- If `agentToAgent` already exists, only append `"${AGENT_ID}"` to the `allow` array (no duplicates)\r
\r
- If `sessions.visibility` does not exist, add it:\r
```json\r
"sessions": {\r
  "visibility": "all"\r
}\r
```\r
\r
### 8. Validate JSON\r
```bash\r
cat ${CONFIG_PATH} | python3 -m json.tool\r
```\r
\r
If validation fails, stop immediately and restore from backup:\r
```bash\r
cp ${CONFIG_PATH}.bak.* ${CONFIG_PATH}\r
```\r
Report the exact error to the user.\r
\r
### 9. Fix File Permissions\r
```bash\r
chown -R $(stat -c '%U:%G' ${MAIN_WORKSPACE}) ${NEW_WORKSPACE}/\r
chown -R $(stat -c '%U:%G' ${MAIN_AGENT_DIR}) ${NEW_AGENT_DIR}/\r
```\r
\r
### 10. Report Completion\r
\r
Reply to the user:\r
```\r
✅ Agent "${AGENT_NAME}" (${AGENT_ID}) created successfully!\r
\r
Completed:\r
- openclaw agents add initialized\r
- openclaw.json updated\r
- Auth, skills and USER.md copied from main\r
- SOUL.md / AGENTS.md generated\r
- agentToAgent communication configured\r
- JSON validation passed\r
\r
⚠️ Manual steps required:\r
1. Restart the Gateway:\r
   openclaw gateway restart\r
\r
2. Verify bindings:\r
   openclaw agents list --bindings\r
\r
3. Open Telegram, find the new Bot and send /start to complete pairing\r
Usage Guidance
This skill generally does what it says, but proceed carefully. Before running: 1) Ensure you know where your openclaw.json (CONFIG_PATH) actually resides and back it up manually (don't rely on wildcard restores). 2) Inspect main/auth-profiles.json — it may contain tokens/credentials; decide whether the new agent should receive those secrets or if you should copy only a sanitized subset. 3) Enforce a safe AGENT_ID character policy (alphanumeric, hyphen/underscore) to avoid path traversal or injection. 4) Prefer safer JSON edits (jq or a small script) and atomic file writes rather than ad-hoc appends; validate and review the modified openclaw.json before restarting the gateway. 5) Avoid handing BOT_TOKEN through insecure channels; provide it securely when prompted. If possible, test the procedure in a non-production environment first. These changes reduce the chance of accidental credential exposure or configuration corruption.
Capability Analysis
Type: OpenClaw Skill Name: add-agent Version: 1.0.0 The skill is designed for administrative tasks, but it directly incorporates user-provided inputs (`AGENT_ID`, `AGENT_NAME`, `BOT_TOKEN`, `ALLOW_FROM`, `DESCRIPTION`) into shell commands and configuration files without explicit sanitization. This creates significant vulnerabilities, including potential shell injection (e.g., in `SKILL.md` step 4: `openclaw agents add ${AGENT_ID}`), JSON injection when updating `openclaw.json` (step 7), and prompt injection against the newly created agent by crafting `AGENT_NAME` or `DESCRIPTION` in its `SOUL.md`/`AGENTS.md` (step 6). While the skill's stated purpose is benign, these critical vulnerabilities could be exploited for unauthorized command execution or agent manipulation.
Capability Assessment
Purpose & Capability
Name/description match the instructions: the SKILL.md details creating workspaces, updating openclaw.json, copying skills/auth and configuring Telegram binding. The meta.json requirement of python3 aligns with using python -m json.tool for validation.
Instruction Scope
Instructions tell the agent to read and modify the global openclaw.json, copy auth-profiles.json (potentially containing secrets), copy the full skills directory, and change ownership. Several important variables (e.g., CONFIG_PATH/where to find openclaw.json) are assumed but not clearly defined. There is no input sanitization (AGENT_ID, BOT_TOKEN, ALLOW_FROM), no protection against path traversal or injection, and restore instructions use a wildcard pattern (cp ${CONFIG_PATH}.bak.* ${CONFIG_PATH}) which is unsafe. These gaps could lead to accidental config corruption or unintended disclosure/duplication of secrets.
Install Mechanism
This is an instruction-only skill with no install actions or external downloads. That's lower risk; the only runtime dependency is python3 (declared in _meta.json) and is justified by the JSON validation step.
Credentials
The skill does not request environment variables or external credentials, which is consistent. However, it instructs copying auth-profiles.json from the main agent into the new agent's directory — effectively duplicating whatever credentials live there. Copying credentials is plausible for convenience but increases attack surface and may be disproportionate unless the user intends the new agent to have identical access. The SKILL.md doesn't offer an option to exclude or filter sensitive entries.
Persistence & Privilege
The skill modifies the global openclaw.json and agent-to-agent bindings (expected for creating a new agent). It does not request always:true or persistent privileges. Still, writing to global config and enabling agentToAgent communication are privileged actions: users should review resulting openclaw.json changes before restarting services.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install add-agent
  3. After installation, invoke the skill by name or use /add-agent
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
add-agent 1.0.0 - Initial release for creating new isolated OpenClaw Agents with dedicated Telegram Bots. - Automates openclaw.json configuration, workspace setup, and copying of auth profiles and skills. - Generates personalized SOUL.md and AGENTS.md files for each agent. - Includes safety: config file backup, JSON validation, and file permission fixes. - Provides step-by-step user instructions for completing setup and verification.
Metadata
Slug add-agent
Version 1.0.0
License
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is add-agent?

Add a new OpenClaw Agent, automatically configure openclaw.json, create workspace, copy auth and skills. It is an AI Agent Skill for Claude Code / OpenClaw, with 483 downloads so far.

How do I install add-agent?

Run "/install add-agent" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is add-agent free?

Yes, add-agent is completely free (open-source). You can download, install and use it at no cost.

Which platforms does add-agent support?

add-agent is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created add-agent?

It is built and maintained by owen (@owen-ai-01); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments