← Back to Skills Marketplace
461
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install miniade-dispatchi
Description
Launch non-blocking interactive Claude Code tasks for slash-only plugins like ralph-loop. Use when a task needs interactive slash commands and completion cal...
Usage Guidance
This skill appears to do what it says (start interactive Claude Code sessions in tmux), but check these before installing:
- Verify required runtime binaries are present: python3, tmux, jq, sha1sum (coreutils), and the claude CLI at CLAUDE_CODE_BIN. The metadata did not list these, so the script may fail if they are missing.
- Inspect any dispatch.env.local you provide — the loader exports allowlisted keys (OPENCLAW_CONFIG, OPENCLAW_TELEGRAM_ACCOUNT, etc.). Those can reference config files or credentials; only supply values you trust.
- Keep ENABLE_CALLBACK disabled (default 0) unless you intentionally want the skill to post callbacks to Telegram/group hooks. Enabling callbacks may cause network activity and should be configured deliberately.
- Confirm the claude binary you point to (CLAUDE_CODE_BIN) is trusted, since it will make network calls to the Claude service.
- Consider running the script in a controlled environment (non-production user account) first to verify output/log locations and behavior.
If you want me to, I can list the exact commands the scripts invoke and a checklist of binaries/paths to validate on your host.
Capability Analysis
Type: OpenClaw Skill
Name: miniade-dispatchi
Version: 0.1.1
The skill is classified as suspicious due to a prompt injection vulnerability. The `scripts/run_dispatchi.sh` script constructs a `RALPH_CMD` string that includes user-provided `PROMPT` text, which is then passed to the `claude` agent. Although `shlex.quote` is used to prevent shell injection into the `python3` wrapper, the `PROMPT` itself is double-quoted within the `RALPH_CMD` string (e.g., `/ralph-loop:ralph-loop "${PROMPT}"`). This allows a malicious user to inject arbitrary arguments into the `ralph-loop` command by crafting a `PROMPT` that breaks out of the inner quotes (e.g., `foo" --evil-arg "bar`), thereby manipulating the AI agent's internal command execution. Additionally, `scripts/vendor/claude_code_run.py` includes logic to automatically bypass `claude`'s workspace trust and permission prompts, which, while configurable, reduces interactive security checks.
Capability Assessment
Purpose & Capability
The name/description (launch interactive Claude Code tasks for slash-only plugins) matches what the scripts do: spawn Claude CLI sessions in tmux, capture output, and manage runs. Included files (a wrapper and shell launcher) are coherent with the stated purpose.
Instruction Scope
SKILL.md simply delegates to scripts/run_dispatchi.sh, and that script limits env file parsing to an allowlist, writes results to per-run directories, and launches tmux + a local claude CLI. The runtime does not attempt to read arbitrary files or source env files, but it does expect/require runtime binaries (tmux, jq, python3, sha1sum, claude, etc.) that are not declared in the skill metadata. The script can also enable callbacks (ENABLE_CALLBACK=1), which would cause external network interactions when explicitly enabled.
Install Mechanism
No install spec (instruction-only with bundled scripts) — nothing is downloaded at runtime and code is bundled with the skill. This is a low install-risk pattern.
Credentials
The skill declares no required env vars, but the script reads a local env file (allowlisted keys only) and exports variables such as OPENCLAW_CONFIG, OPENCLAW_TELEGRAM_ACCOUNT, and CLAUDE_CODE_BIN. Some of these (e.g., OPENCLAW_CONFIG) may point to files containing sensitive tokens; callbacks are disabled by default but can be enabled via ENABLE_CALLBACK=1, which would allow network interactions (e.g., Telegram group) if configured. The presence of many optional but potentially sensitive env keys is disproportionate unless you intend to integrate OpenClaw/Telegram/claude on that host.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide agent settings, and runs as a transient tmux session. It writes run outputs and logs under configurable result/log directories (defaults are user-home paths), which is expected behavior for this utility.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install miniade-dispatchi - After installation, invoke the skill by name or use
/miniade-dispatchi - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
release 0.1.1
Metadata
Frequently Asked Questions
What is Dispatchi (Ralph Loop)?
Launch non-blocking interactive Claude Code tasks for slash-only plugins like ralph-loop. Use when a task needs interactive slash commands and completion cal... It is an AI Agent Skill for Claude Code / OpenClaw, with 461 downloads so far.
How do I install Dispatchi (Ralph Loop)?
Run "/install miniade-dispatchi" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Dispatchi (Ralph Loop) free?
Yes, Dispatchi (Ralph Loop) is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Dispatchi (Ralph Loop) support?
Dispatchi (Ralph Loop) is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Dispatchi (Ralph Loop)?
It is built and maintained by Xi ErDe (@edxi); the current version is v0.1.1.
More Skills