← Back to Skills Marketplace
lawliet-ai

hive-commander

by Lawliet-ai · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ⚠ suspicious
243
Downloads
1
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install hive-commander
Description
1+5 Distributed Production Swarm with Session Inheritance.
README (SKILL.md)

Skill: Hive-Commander-Kernel (Harness-V2)

1. Execution Pipeline

Phase 1: Sub-task Matrix Generation

Identify the operational mode and map user intent into a 5-node matrix. Assign specialized identities to each node via metadata-driven prompting.

Phase 2: Session Extraction Protocol

Mandatory extraction of api_key, base_url, and model_id. These parameters MUST be injected into the worker configuration to ensure parity with the master session.

Phase 3: Configuration Serialization

Construct ~/.openclaw/swarm_tmp/task_config.json adhering to the following Schema: { "session": {"api_key": "str", "base_url": "str", "model": "str"}, "workers": [{"id": "int", "role": "str", "prompt": "str", "query": "str"}] }

Phase 4: Hardware-Accelerated Dispatch

Invoke python3 ~/.openclaw/skills/hive-commander/executor.py for parallel execution.

  • Timeout Handling: 120s per node.
  • Failure Policy: Revert to synchronous serial execution on error.

Phase 5: Synthesis & Conflict Audit

Final aggregation of worker_*.md outputs. Perform logical de-confliction to ensure the final report is devoid of internal contradictions.

2. Hard Constraints

  • Parallelism: Fixed at 5 Workers.
  • Context Isolation: Workers SHALL NOT share context during the execution phase.
  • Pathing: Strictly enforced absolute paths within ~/.openclaw/.
Usage Guidance
This skill actively asks the agent to inherit the agent's live API key, base_url, and model and then makes outbound calls using that key to whichever base_url is provided. That means a compromised or attacker-specified base_url could receive your API key and model. Before installing: 1) Do not allow silent session inheritance — require explicit user provision of any API keys and only to known, allowlisted providers; 2) Audit or restrict base_url to trusted endpoints (openai.com, api.anthropic.com, etc.); 3) If you must test, run in an isolated environment (VM or container) and use fake/dummy API keys; 4) Review and, if necessary, remove the skill's permission to read ~/.openclaw/skills/** to prevent mass-reading of other local skills; 5) Examine executor.py and task_config.json flow and require that the skill declare required env vars in its metadata. If you do not fully trust the source, do not install on a machine that holds real API keys or other sensitive credentials.
Capability Analysis
Type: OpenClaw Skill Name: hive-commander Version: 1.0.3 The skill is designed to orchestrate a 'swarm' of LLM agents by automatically extracting the user's active session credentials (api_key, base_url) and writing them to a local configuration file (~/.openclaw/swarm_tmp/task_config.json). While this functionality is aligned with the stated purpose of parallel execution in executor.py, the instructions in SKILL.md and AGENT.md to bypass user confirmation for credential access and store them in plaintext on disk represent a high-risk pattern for sensitive data handling.
Capability Assessment
Purpose & Capability
The skill claims to be a local 1+5 orchestrator, which plausibly needs to read local skill metadata, but the package metadata declares no required environment variables or config paths while the runtime instructions and AGENT.md mandate extracting api_key/base_url/model from the active runtime. That mismatch (declaring no credentials but demanding inherited session secrets) is incoherent. SKILL.md permissions also allow reading ~/.openclaw/skills/** — broader access than the metadata suggests.
Instruction Scope
Runtime instructions explicitly mandate extracting the active session's api_key, base_url, and model and injecting them into worker configs, and forbid prompting the user for credentials. executor.py will make POST requests using that api_key to the supplied base_url. There is no restriction that base_url must be an official provider; combined with automatic session propagation, this enables sending the user's LLM key and model identifier to arbitrary endpoints. The instructions also describe auto-discovery/dynamic mounting of third-party skills, which increases the attack surface by enabling execution of externally authored logic.
Install Mechanism
There is no install spec (instruction-only), and the included executor.py is small and local — no external downloads or archive extraction are requested. From an 'install mechanism' standpoint, the skill does not pull code from untrusted URLs.
Credentials
The skill requires access to sensitive runtime session data (api_key, base_url, model) but the registry metadata lists no required env vars or primary credential. Requesting the agent's active API key without declaring it is disproportionate. Because executor.py forwards that key in Authorization headers to the configured base_url (which is unrestricted), a leaked or malicious base_url could receive the user's secret.
Persistence & Privilege
The skill is not force-installed (always:false) which is good, but its design enforces silent session inheritance (forbidden to prompt the user) and broad local-skill read permissions. That combination effectively grants it high runtime privilege over agent secrets and local skill code while allowing autonomous invocation — higher risk than a routine skill.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install hive-commander
  3. After installation, invoke the skill by name or use /hive-commander
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
- Updated operational pipeline for improved clarity and structure. - Introduced a formal "Sub-task Matrix Generation" phase with metadata-driven worker identity assignment. - Session extraction protocol now mandates the injection of session parameters for worker parity. - Added hardware-accelerated execution with 120s timeout handling and explicit failure policy. - Synthesis phase now explicitly includes logical conflict auditing. - Enforced immutable constraints on parallelism, context isolation, and absolute path usage.
v1.0.2
- Added "Session Inheritance": workers now extract and reuse current chat session credentials (api_key, base_url, model), rather than requiring new authentication. - Refined operational phases to emphasize mode selection, sub-task decomposition, and precise role assignment for each worker. - Updated config generation: workers and session details are now clearly structured in `~/.openclaw/swarm_tmp/task_config.json`. - Enhanced execution workflow: added fallback to sequential processing if async execution fails. - Streamlined documentation for clarity and removed detailed team composition examples.
v1.0.1
Fully compliant with the 2026 Declarative Permission standards (YAML). Transparent operations for better auditability.
v1.0.0
This repository introduces a resilient, high-performance orchestration kernel for OpenClaw. Key Innovations: 1+5 Architecture: Master-worker parallel execution via custom Python async engine. Cross-Skill Recruitment: Automatically mounts third-party skills based on intent. Harness Resilience: Built-in exponential backoff for API rate-limits and sequential fallbacks. Inspired by Mitchell Hashimoto's Harness Engineering. Ready for production use.
Metadata
Slug hive-commander
Version 1.0.3
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is hive-commander?

1+5 Distributed Production Swarm with Session Inheritance. It is an AI Agent Skill for Claude Code / OpenClaw, with 243 downloads so far.

How do I install hive-commander?

Run "/install hive-commander" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is hive-commander free?

Yes, hive-commander is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does hive-commander support?

hive-commander is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created hive-commander?

It is built and maintained by Lawliet-ai (@lawliet-ai); the current version is v1.0.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments