← Back to Skills Marketplace
whhaijun

Smart Agent Template

by Mark · GitHub ↗ · v1.1.0 · MIT-0
cross-platform ⚠ suspicious
96
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install smart-agent-template
Description
Smart Agent 工作流模板:三重判断机制 + 自动更新 + Context 优化。包含完整的任务执行规范、WBS 拆分、流程豁免阈值、记忆管理等最佳实践。
Usage Guidance
Before installing or running this skill: 1) Treat the repo as code that will run on your system — audit scripts/auto_update.sh and any start scripts. 2) Disable automatic updates (set config/auto_update.yaml enabled: false and do not run auto_update.sh) until you trust the source. 3) Inspect any code that will be run on startup (bot entrypoints, auto-update, health/metrics scripts) and verify they don't call external URLs you don't expect. 4) Be cautious about enabling integrations — only set FEISHU/TELEGRAM/CLAUDE/OPENAI/OLLAMA credentials if you reviewed the integration code; keep secrets out of shared/mounted workspaces. 5) If you plan to let other agents 'read and obey' AGENTS.md or inject it into system prompts, be aware this is effectively a system-prompt override; only do so with fully audited content. 6) Prefer running in an isolated environment (container or VM) and limit network access until you've audited the update mechanism and webhook handlers. 7) If you need higher assurance, ask the publisher for a source URL / signed release; absence of a homepage and unknown owner ID reduces trust.
Capability Analysis
Type: OpenClaw Skill Name: smart-agent-template Version: 1.1.0 The skill bundle is classified as suspicious due to several high-risk security practices and intentional security bypasses. Most notably, 'integrations/feishu/start_longconn.sh' and 'integrations/feishu/start_bot.py' explicitly disable SSL certificate verification, with the former even using a Python script to patch the 'lark-oapi' library code on the local disk to force an unverified SSL context. Additionally, 'scripts/auto_update.sh' implements an auto-update mechanism that performs a 'git pull' from a remote repository (github.com/whhaijun/agent-workflow.git), which introduces a significant supply chain risk and potential for remote code execution. While these appear to be misguided 'convenience' features for developers, they create critical vulnerabilities like Man-in-the-Middle (MITM) and unauthorized code execution.
Capability Assessment
Purpose & Capability
The files and code (memory manager, WBS, multi-agent docs, Telegram/Feishu bot integrations, ChromaDB/OpenClaw/Ollama guides) are broadly coherent with a 'smart agent workflow' template. However the registry metadata declares no required env vars or binaries while the included integration code and docs clearly expect many credentials and local services (Telegram token, Feishu app secrets, Claude/OpenAI API keys, Ollama local service, ChromaDB, OpenClaw). That mismatch is unexpected and should be justified by the author.
Instruction Scope
Runtime instructions and docs direct agents to read and enforce AGENTS.md (which the skill suggests embedding into other agents' system prompts), to auto-check/pull updates from GitHub/Gitee on startup, to run networked bots (webhooks/polling), and to access local memory files. The SKILL/README explicitly recommends making other agents 'read and obey' AGENTS.md (prompt injection risk). These instructions go beyond passive guidance and enable updating behavior and system-prompt modification.
Install Mechanism
There is no declared install spec, but the package contains scripts such as scripts/auto_update.sh and start scripts. The default auto_update.yaml enables update checks on startup (enabled: true, check_on_startup: true) and mentions silent updates. Automatic pull-and-update behavior from remote repositories creates a remote code execution/update vector unless you audit/disable it first.
Credentials
Registry lists no required environment variables, yet many files and docs require/expect secrets and endpoints (FEISHU_APP_ID/SECRET/VERIFICATION_TOKEN/ENCRYPT_KEY, TELEGRAM_BOT_TOKEN, CLAUDE_API_KEY, OPENAI_API_KEY, OLLAMA_BASE_URL, CHROMA/DB dirs, etc.). Requiring none in metadata while shipping integration code that needs sensitive credentials is an incoherence and raises risk of accidental credential exposure or misconfiguration.
Persistence & Privilege
The skill isn't marked always:true, but it defaults to auto-update on startup and provides scripts to check and pull remote changes. That gives it potential to change its own code after installation (automatic updates) which increases blast radius. It does not appear to modify other skills' configs, but the ability to fetch and install updates silently is a privilege that should be controlled.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install smart-agent-template
  3. After installation, invoke the skill by name or use /smart-agent-template
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
新增自动更新功能 + 流程豁免阈值
v1.0.0
- Initial release of the smart-agent-workflow skill. - Provides a systematic AI agent methodology focused on high quality, high efficiency, and high cost-saving. - Features include task type identification, WBS decomposition, P0/P1 task reporting, safety checks, and context management. - Designed to be channel-agnostic; works with Claude Code, Cursor, Codex, OpenClaw, and any AI agent. - Offers practical setup guides and recommended installation combinations for easy adoption.
Metadata
Slug smart-agent-template
Version 1.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Smart Agent Template?

Smart Agent 工作流模板:三重判断机制 + 自动更新 + Context 优化。包含完整的任务执行规范、WBS 拆分、流程豁免阈值、记忆管理等最佳实践。 It is an AI Agent Skill for Claude Code / OpenClaw, with 96 downloads so far.

How do I install Smart Agent Template?

Run "/install smart-agent-template" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Smart Agent Template free?

Yes, Smart Agent Template is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Smart Agent Template support?

Smart Agent Template is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Smart Agent Template?

It is built and maintained by Mark (@whhaijun); the current version is v1.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments