← Back to Skills Marketplace
t0nyren

Manus on OpenClaw

by t0nyren · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
269
Downloads
0
Stars
1
Active Installs
3
Versions
Install in OpenClaw
/install manus-openclaw-bridge
Description
Connect OpenClaw to Manus task APIs for chat-driven image generation, document/slides jobs, task polling, output collection, and messaging-surface return flows.
README (SKILL.md)

Manus OpenClaw Bridge

Use this skill to turn OpenClaw into a Manus launcher and result collector.

Requirements

Runtime dependencies:

  • OpenClaw
  • Bash
  • curl
  • Python 3.9+
  • Node.js 18+ (required for slides JSON -> PPTX conversion)

Required local configuration:

  • ~/.config/manus-openclaw-bridge/manus.env
  • MANUS_API_KEY must be supplied by each installer
  • MANUS_API_BASE must be supplied explicitly by each installer and must use https://

Read REQUIREMENTS.md for a concise dependency and configuration summary. Read SECURITY.md for the download and credential safety model.

Quick start

  1. Read references/setup.md if Manus API access is not configured yet.
  2. Put the Manus API key and Manus API base URL in ~/.config/manus-openclaw-bridge/manus.env.
  3. Submit a task with scripts/manus_submit.sh or scripts/manus_prompt.sh.
  4. Poll/download results with scripts/manus_get_task.sh or scripts/manus_wait_and_collect.py.
  5. If the result is a slides JSON bundle, convert it with scripts/manus_slides_json_to_pptx.mjs.
  6. If the user is on Feishu, return downloaded files with the normal OpenClaw message/file send flow.

Workflow

1. Submit a new Manus task

Use scripts/manus_submit.sh "\x3Cprompt>" when the prompt is already clean.

Use scripts/manus_prompt.sh "Manus, generate an image of a rainy forest" when the message may contain a leading Manus trigger and mixed punctuation.

Defaults:

  • MANUS_AGENT_PROFILE=manus-1.6
  • MANUS_TASK_MODE=agent
  • MANUS_API_BASE must be set explicitly to your Manus API base URL

2. Inspect an existing task

Use scripts/manus_get_task.sh \x3Ctask_id> to fetch the raw task payload.

3. Wait for completion and collect files

Use python3 scripts/manus_wait_and_collect.py \x3Ctask_id> [timeout_seconds].

This writes downloaded files to tmp/manus/ under the skill folder and prints a JSON summary with:

  • task_id
  • status
  • task_title
  • task_url
  • files[]
  • raw

Download safety rules:

  • only https:// URLs are accepted
  • only Manus-controlled allowlisted hosts are accepted
  • redirect targets are validated again after connection open
  • if Manus returns any other URL, the script refuses to fetch it and records a download_error

4. Handle slides/report outputs

If Manus returns a slides JSON artifact instead of a ready-made .pptx, convert it with:

node scripts/manus_slides_json_to_pptx.mjs \x3Cslides.json> \x3Coutput.pptx>

Read references/slides.md when the task is slide-heavy.

5. Return results to the user

Prefer this pattern:

  • If Manus returns downloadable files, send the files.
  • If Manus returns images, send image files directly.
  • If Manus returns only text/status, send a short summary plus the task URL when available.
  • If Manus is still running, acknowledge quickly and poll with a bounded interval instead of a tight loop.

Feishu return pattern

When the current conversation is Feishu:

  • Download files first with scripts/manus_wait_and_collect.py.
  • Send each saved file path back through OpenClaw’s normal reply/file mechanism.
  • For images, prefer image/file upload rather than pasting long CDN URLs.
  • If there are multiple files, send the best result first, then the rest if useful.

Read references/feishu-return.md when wiring file return behavior.

OpenClaw integration notes

  • Keep secrets out of the skill package. Never hardcode MANUS_API_KEY in scripts or docs.
  • Store keys and endpoints in ~/.config/manus-openclaw-bridge/manus.env on each recipient machine.
  • For direct-message style image requests, a simple trigger is enough: strip Manus, or manus: and forward the remainder.
  • For group chats, define an explicit trigger rule to avoid accidental job launches.
  • If returning files to Feishu/Telegram/etc., use the platform’s native send/upload tool after manus_wait_and_collect.py downloads the outputs.
  • If the request is long-running, prefer acknowledging first and completing asynchronously.

When to read references

  • Read references/setup.md for first-time installation and environment setup.
  • Read references/chat-patterns.md when wiring the Manus flow into OpenClaw message handling rules.
  • Read references/feishu-return.md when returning Manus images/files into Feishu.
  • Read references/feishu-skill-template.md when another OpenClaw user wants a ready-made Feishu routing pattern.
  • Read references/openclaw-integration.md for a full end-to-end integration pattern.
  • Read references/slides.md when handling deck-generation outputs.
Usage Guidance
This skill appears to implement a legitimate Manus–OpenClaw bridge, but do not install/run it without addressing two issues: (1) update the package/registry metadata to declare MANUS_API_KEY and MANUS_API_BASE so installers know they must supply credentials locally; (2) fix or avoid using scripts/manus_slides_json_to_pptx.mjs as shipped — it will fetch slide asset URLs over plain HTTP and follow redirects without enforcing the Manus host allowlist described in SKILL.md/SECURITY.md. Until the slides script is patched to enforce HTTPS and host allowlisting (or you sandbox its execution), treat slide conversion as untrusted network I/O. Also: keep your MANUS_API_KEY in a secure local file (as recommended), run the skill in a least-privileged/sandboxed environment, and review any slide JSON before converting to avoid unexpected external downloads.
Capability Analysis
Type: OpenClaw Skill Name: manus-openclaw-bridge Version: 1.0.2 The skill bundle contains critical shell injection vulnerabilities in 'scripts/manus_submit.sh' and 'scripts/manus_get_task.sh', where user-provided prompts and task IDs are expanded inside double-quoted strings in curl commands, potentially allowing Remote Code Execution (RCE). Furthermore, there is a significant security discrepancy: 'SKILL.md' and 'SECURITY.md' claim that all downloads are restricted to HTTPS and allowlisted hosts, but 'scripts/manus_slides_json_to_pptx.mjs' fails to implement these checks, allowing plain HTTP and arbitrary host connections. While these appear to be unintentional security flaws rather than deliberate malware, they represent a high-risk attack surface for prompt-driven exploitation.
Capability Assessment
Purpose & Capability
The skill's code and SKILL.md align with the stated purpose (submit Manus tasks, poll results, download outputs, convert slides). However the registry metadata lists no required env vars while SKILL.md and the scripts require MANUS_API_KEY and MANUS_API_BASE in ~/.config/manus-openclaw-bridge/manus.env — this metadata mismatch is an integrity/packaging concern and could mislead installers.
Instruction Scope
Most runtime instructions stay within scope: scripts only source the local config file and call Manus endpoints. But manus_slides_json_to_pptx.mjs downloads arbitrary asset URLs from slide JSON and accepts HTTP URLs (it uses http or https based on the URL) and follows redirects without any host allowlist or revalidation. That contradicts the SKILL.md/SECURITY.md claim that only HTTPS and allowlisted Manus hosts will be fetched, creating a real risk of fetching untrusted content or following redirects to attacker-controlled hosts.
Install Mechanism
This is an instruction-only skill (no install spec). No remote installer or archive downloads are performed by the package itself; scripts live in the package. No high-risk install URLs are present.
Credentials
Requesting MANUS_API_KEY and MANUS_API_BASE is proportionate to a Manus bridge. However the required-envs are not declared in the registry metadata (it shows none), which is inconsistent and could hide the need to supply credentials at install time. The scripts otherwise only read that local env file and a MANUS_CONFIG_FILE override.
Persistence & Privilege
The skill does not request always:true and has no special persistent privileges. It writes downloaded files into its own tmp/.manus folder and slide assets under the output directory; it does not modify other skills or system-wide configs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install manus-openclaw-bridge
  3. After installation, invoke the skill by name or use /manus-openclaw-bridge
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Version 1.0.2 - Added skill metadata fields: version, requires, config, external_services, and security_notes. - Explicitly require both MANUS_API_KEY and MANUS_API_BASE in configuration, with base URL restricted to HTTPS. - Enhanced security notes: download redirects are now revalidated and no secrets are bundled with the skill package. - Improved documentation to clarify required environment variables and stricter setup steps.
v1.0.1
Version 1.0.1 - Added REQUIREMENTS.md and SECURITY.md for clearer dependency, configuration, and download/credential safety documentation. - Updated skill description to clarify runtime dependencies and downloader safety behavior. - Expanded documentation in SKILL.md to explicitly list prerequisites, configuration steps, and download restrictions. - Manus downloader now strictly allows only HTTPS URLs from an allowlisted set of Manus-controlled hosts for improved security.
v1.0.0
manus-openclaw-bridge v1.0.0 – Initial public release - Enables OpenClaw to connect with Manus APIs for chat-driven image generation and document/slide jobs. - Provides scripts for submitting tasks, polling task status, downloading and converting Manus outputs (including slides JSON to PPTX). - Outlines integration patterns for messaging platforms like Feishu, including file handling and return flows. - Includes setup and integration documentation, with references for environment, chat handling, and output processing. - Emphasizes secure API key storage and best practices for asynchronous job handling.
Metadata
Slug manus-openclaw-bridge
Version 1.0.2
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 3
Frequently Asked Questions

What is Manus on OpenClaw?

Connect OpenClaw to Manus task APIs for chat-driven image generation, document/slides jobs, task polling, output collection, and messaging-surface return flows. It is an AI Agent Skill for Claude Code / OpenClaw, with 269 downloads so far.

How do I install Manus on OpenClaw?

Run "/install manus-openclaw-bridge" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Manus on OpenClaw free?

Yes, Manus on OpenClaw is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Manus on OpenClaw support?

Manus on OpenClaw is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Manus on OpenClaw?

It is built and maintained by t0nyren (@t0nyren); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 Comments