OpenClaw 晴晴终极套件

OpenClaw 终极技能整合套件 - 29 个技能一站式整合 × 61 个专业 Agent × 安全内置 × 自动激活 × 飞书集成。晴晴超级版：办公效率 + 生活助手 + 社交媒体 + 信息收集 + AI 代理 + 安全守护。

Summary of what to do before installing/activating: 1) Inspect scripts before running: open scripts/install.sh, scripts/deploy.sh and any skills' install/start scripts to confirm they don't download or execute untrusted binaries. Run them in a VM or container if you must test them. 2) Do NOT enable AUTO_SKILL_ACTIVATION or FEISHU_NOTIFY until you audit: automatic activation will cause many subskills/agents to run and may make outbound requests or post files to Feishu. Keep automatic activation off and test skills manually first. 3) Verify credential handling: the suite references Feishu, Xiaohongshu, TikTok, and IronClaw API keys in docs but they are not declared as required metadata. Expect to be asked for tokens; don't paste secrets into prompts. Use a secrets manager (1Password) as recommended and confirm where secrets are read from. 4) Review SKILL.md and flagged content: the unicode-control-chars finding suggests possible prompt obfuscation — open SKILL.md and other agent files to ensure there are no hidden control sequences or instructions that alter prompt behavior. 5) Run local audits: use the included ironclaw_audit.py and any linter/static analysis on the repo in an isolated environment to see what the suite will do. If you have a sandboxed account, test Feishu delivery with a throwaway or test workspace. 6) Prefer manual activation & minimal privileges: start by invoking a single, low-risk skill (e.g., weather) manually and check logs (~/.openclaw/logs). Only broaden permissions after successful inspections. If you want, I can (a) highlight lines in specific scripts that look suspicious if you paste them here, or (b) produce a short checklist of file/strings to grep for (network calls, exec()/subprocess, hard-coded tokens, base64 strings, shell redirects) to help your audit.

Type: OpenClaw Skill Name: openclaw-ultimate-suite Version: 3.0.0 The bundle is a comprehensive and well-documented suite of 30 skills and 61 agents designed for productivity, research, and security. The most significant security-relevant behaviors include the 'IronClaw' security tool (ironclaw_audit.py), which sends file content and messages to an external API (ironclaw.io) for threat labeling, and the workspace synchronization script (sync_openclaw_workspace.sh), which modifies the agent's core instruction files (AGENTS.md and TOOLS.md). These behaviors are transparently documented as core features for providing cloud-based security scanning and automated skill registration. The suite also includes proactive security measures like a repository auditor (repo_commander_audit.py) that scans for leaked secrets and a watchdog process (guardian.sh) for automated system recovery.