← Back to Skills Marketplace
76
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install nm-attune-mission-orchestrator
Description
Lifecycle orchestrator that auto-detects project state and routes to the correct development phase
Usage Guidance
This skill appears to implement what it claims, but its runtime instructions expect local git and the GitHub CLI and will read and modify repository files and create issues on GitHub. Before installing or running it: (1) Confirm who will run the skill and what git/GitHub credentials that agent has. (2) Expect it to write .attune/mission-state.json and possibly edit artifact files—keep backups or run in a fork/isolated repo. (3) If you do not want automatic issue creation, use the --no-auto-issues flag or avoid --auto. (4) Ask the publisher to declare required binaries and credentials (e.g., gh, git, GITHUB_TOKEN) in the skill metadata so you can evaluate permissions. (5) If you need higher assurance, review the attune and leyline skill implementations that this orchestrator invokes to confirm they do not perform unexpected network or credential access.
Capability Analysis
Type: OpenClaw Skill
Name: nm-attune-mission-orchestrator
Version: 1.0.0
The skill bundle is a development lifecycle orchestrator that manages project phases from brainstorming to execution. It is classified as suspicious due to a potential shell injection vulnerability in 'modules/phase-routing.md'. The instructions direct the AI agent to extract 'Out of Scope' items from project documents and pass them directly into a 'gh issue create' shell command without specifying input sanitization or escaping. This could allow an attacker who can influence the project's documentation (e.g., via a pull request) to execute arbitrary commands on the user's system if the agent executes the command naively.
Capability Assessment
Purpose & Capability
Name/description and the SKILL.md consistently describe a lifecycle orchestrator that delegates to attune/leyline skills and persists mission state. The declared config paths (night-market.attune/* and night-market.leyline/*) align with invoked skills and hooks, so purpose and high-level capabilities are coherent.
Instruction Scope
SKILL.md instructs the agent to scan the repository (docs/*, .attune/, git history), read and modify artifacts (update 'Out of Scope' with issue references), persist state to .attune/mission-state.json, run git commands (git log --since) and run the GitHub CLI (gh issue create). These actions go beyond passive analysis: they read and write repo files and invoke external network operations. While these are plausible for an orchestrator, they are not declared and grant the skill broad discretion to modify project files and call external endpoints.
Install Mechanism
Instruction-only skill with no install steps or downloaded code. That minimizes installer risk because nothing new is written to disk by an installer. The runtime actions (file I/O, shell commands) remain a runtime concern rather than an install-time risk.
Credentials
The skill requires no environment variables in metadata, but its instructions rely on tools and credentials that are not declared: the GitHub CLI ('gh') and authenticated GitHub access to create issues, plus git for repository checks. It will also write to the working tree (.attune/mission-state.json and possibly update artifacts). The missing declaration of required binaries and credentials (e.g., gh auth/GITHUB_TOKEN) is a mismatch and could lead to unexpected network activity or failures.
Persistence & Privilege
The skill persists state to .attune/mission-state.json and can modify artifacts (adding issue references). That persistence and write access is consistent with an orchestrator's needs, but it is persistent on disk and will alter repository files. 'always' is false (good). Autonomous invocation is allowed by default—combined with the above concerns, this increases the blast radius if the agent is granted repo and GitHub permissions.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install nm-attune-mission-orchestrator - After installation, invoke the skill by name or use
/nm-attune-mission-orchestrator - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the Mission Orchestrator skill, automating project lifecycle management across multiple Attune phases.
- Automatically detects project state and routes to the correct phase (brainstorm, specify, plan, execute)
- Supports resumable missions with persistent state and session recovery
- Integrates modular skills for each phase; configurable via mission types
- Auto-triages backlog and manages progress checkpoints and risk escalation
- Designed for end-to-end automation of project workflows, from inception to execution
Metadata
Frequently Asked Questions
What is Nm Attune Mission Orchestrator?
Lifecycle orchestrator that auto-detects project state and routes to the correct development phase. It is an AI Agent Skill for Claude Code / OpenClaw, with 76 downloads so far.
How do I install Nm Attune Mission Orchestrator?
Run "/install nm-attune-mission-orchestrator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Nm Attune Mission Orchestrator free?
Yes, Nm Attune Mission Orchestrator is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Nm Attune Mission Orchestrator support?
Nm Attune Mission Orchestrator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Nm Attune Mission Orchestrator?
It is built and maintained by athola (@athola); the current version is v1.0.0.
More Skills