← Back to Skills Marketplace
Skill Composer
by
utopiabenben
· GitHub ↗
· v1.0.0
· MIT-0
253
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install skill-composer
Description
编排多个OpenClaw技能成自动化工作流,一次命令完成复杂任务。
Usage Guidance
What to check before installing:
1) Understand the delegation risk: Composer runs whatever 'claw skill exec <skill>' you list in workflows. Verify that every skill you will orchestrate is trusted and does not have permissions to read/exfiltrate secrets or sensitive files.
2) Ensure the required runtime is present: The code calls the 'claw' CLI but the top-level metadata did not declare 'claw' as a required binary. Confirm you have a legitimate 'claw' binary (the OpenClaw CLI) and that it is the expected official tool.
3) Use preview/validate first: The composer provides preview and validate modes—use them to inspect what will run before executing workflows. Start with non-privileged workflows in a sandboxed environment.
4) Check path/documentation mismatches: SKILL.md and install.sh reference scripts under 'scripts/', but the provided code is at source/composer.py. Confirm where to invoke the script and adjust paths if needed.
5) Review assumptions in workflows: The composer assumes the last arg is the output path and uses simple string interpolation; ensure your workflows conform to these expectations or the recorded outputs may be wrong.
6) Condition expressions: Conditions are evaluated using eval with builtins removed, which limits abuse but is not perfectly safe—avoid trusting untrusted workflow files.
7) Installation: install.sh uses apt-get or pip3 to install PyYAML (no external downloads). Prefer installing in an isolated environment (venv/container) to limit system impact.
If you need to proceed: run composer.py preview <workflow> and validate first, audit all skills you plan to call, and run in an isolated environment until you are confident.
Capability Analysis
Type: OpenClaw Skill
Name: skill-composer
Version: 1.0.0
The skill-composer bundle is designed to orchestrate multiple OpenClaw skills into automated workflows using YAML definitions. It is classified as suspicious due to the use of the `eval()` function in `source/composer.py` to process conditional logic ('if' statements) within workflow files; while it attempts to restrict built-ins, this remains a significant code execution vulnerability if an agent or user processes an untrusted YAML file. The core functionality relies on `subprocess.run` to execute other skills, which is consistent with its stated purpose but represents a high-privilege capability.
Capability Assessment
Purpose & Capability
The name/description match the implementation: this is a workflow composer that runs other OpenClaw skills. The code uses a YAML workflow and calls a CLI to execute skills, which is coherent with the stated purpose. The skill.json lists python3 and PyYAML dependency (appropriate).
Instruction Scope
Runtime instructions and the python code actually run arbitrary installed skills using subprocess to call 'claw skill exec <skill> ...'. The skill delegates execution to other skills (broad authority). The code performs variable interpolation (OK) and evaluates conditions using eval with builtins removed (safer than raw eval but still uses eval). It also assumes the last argument is the step's output path (a fragile, naive heuristic). SKILL.md and install.sh reference a path like {baseDir}/scripts/composer.py but the provided code lives at source/composer.py — documentation/path mismatch. The implementation requires the 'claw' CLI at runtime but this binary is not declared in the top-level registry metadata (discrepancy). Because it can run any installed skill, a malicious or misconfigured downstream skill could exfiltrate data or access credentials; the composer itself doesn't read arbitrary system files, but it enables others to do so.
Install Mechanism
No external downloads or obfuscated installers. An included install.sh installs PyYAML using apt-get or pip3 (standard). skill.json also declares a pip install for PyYAML. There is a minor inconsistency between the registry metadata (which earlier said 'no install spec') and the internal skill.json/install.sh that do provide install steps.
Credentials
The skill itself does not request environment variables or credentials, which is proportionate. However, skill.json declares it can orchestrate any installed skills ("skills": ["*"]), so it may invoke other skills that do require sensitive credentials — this increases the effective scope and risk and should be considered when installing the composer.
Persistence & Privilege
always:false and default autonomous invocation are used (normal). The skill does not request persistent system-wide privileges or modify other skills' configurations. Still, because it can autonomously run any installed skill, its blast radius is larger than a single-purpose skill; combine with other issues if you need to restrict execution.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install skill-composer - After installation, invoke the skill by name or use
/skill-composer - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: orchestrate multiple skills into workflows
Metadata
Frequently Asked Questions
What is Skill Composer?
编排多个OpenClaw技能成自动化工作流,一次命令完成复杂任务。 It is an AI Agent Skill for Claude Code / OpenClaw, with 253 downloads so far.
How do I install Skill Composer?
Run "/install skill-composer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Composer free?
Yes, Skill Composer is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Skill Composer support?
Skill Composer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Skill Composer?
It is built and maintained by utopiabenben (@utopiabenben); the current version is v1.0.0.
More Skills