← Back to Skills Marketplace
Project Orchestrator
by
reversTeam
· GitHub ↗
· v0.2.0
2383
Downloads
3
Stars
8
Active Installs
3
Versions
Install in OpenClaw
/install project-orchestrator
Description
AI agent orchestrator with Neo4j knowledge graph, Meilisearch search, and Tree-sitter parsing. Use for coordinating multiple coding agents on complex projects with shared context and plans.
Usage Guidance
What to consider before installing:
- This bundle is coherent with its stated functionality (Neo4j + Meilisearch + parsing) but contains full source code and explicit run instructions; it will compile/run on your machine (cargo, docker required).
- The docs state the HTTP API is unauthenticated by default. If you run this service locally it will expose endpoints that accept absolute filesystem paths (sync/watch) and can read/index your code. Treat this like running any local service that can access files: only run it in a controlled environment.
- The repository and docker-compose include default credentials (NEO4J_PASSWORD, MEILI_MASTER_KEY). Change these before exposing services, and do not reuse them for other systems.
- Before running: audit the source (or have someone you trust audit it), restrict what directories are watched/synced, run in an isolated environment/container, and front the service with authentication (reverse proxy or local firewall rules). If you will expose it to other processes/agents, require authentication for the API and limit network access.
- If you cannot or will not audit the code, or you do not have a segregated environment to run services that can read arbitrary host paths, do not install. At minimum, verify the code paths that handle /api/sync, /api/watch, and MCP tool handlers to confirm they enforce expected access controls.
Capability Analysis
Type: OpenClaw Skill
Name: project-orchestrator
Version: 0.2.0
The skill provides extensive capabilities for AI agents, including file system access for code synchronization, interaction with local Neo4j and Meilisearch databases, and a comprehensive set of 136 MCP tools. The `src/chat/prompt.rs` file contains a detailed system prompt designed to enforce specific agent behaviors and tool usage, explicitly instructing the agent to prioritize the skill's tools over internal Claude Code features. While there's no clear evidence of intentional harmful behavior, the combination of broad system access, the sophisticated prompt engineering aiming to control agent behavior, and the internal use of `PermissionMode::BypassPermissions` within the orchestrator's prompt builder (in `src/chat/manager.rs`) raises the classification to suspicious due to the inherent risks associated with such powerful capabilities and control mechanisms.
Capability Assessment
Purpose & Capability
The name/description (Neo4j + Meilisearch + Tree-sitter orchestrator) aligns with the included source (Rust code for neo4j/meilisearch/tree-sitter, many API/mcp handlers) and the declared required binaries (docker, cargo). However the registry metadata / SKILL.md claim 'required env vars: none' while docs and docker-compose clearly show NEO4J and MEILISEARCH credentials/configuration — an omission that is inconsistent and worth flagging. Also the registry says 'instruction-only' (no install spec) even though the skill bundle contains full source and build instructions.
Instruction Scope
SKILL.md and the docs instruct running 'docker compose up' and 'cargo build' and using HTTP endpoints (e.g., POST /api/sync with absolute paths) and a file watcher to auto-sync directories. The API reference explicitly states 'the API does not require authentication' which means the service will, by default, expose operations that can read and index arbitrary filesystem paths and record decisions/plans without auth. For an agent that can call local endpoints this grants broad access to host files and metadata — behavior that goes beyond a simple helper and requires careful operational controls.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the repository includes full source and a Docker Compose file with clear build/run instructions (cargo build, docker compose up). This is lower-risk than an arbitrary remote download, since source is bundled, but it's inconsistent with the 'instruction-only' label and means compilation/run happens locally (needs cargo/docker present).
Credentials
The skill declares no required env vars, yet docs and docker-compose use several sensitive environment values (NEO4J_URI/USER/PASSWORD, MEILISEARCH_URL/KEY, NEO4J_AUTH, MEILI_MASTER_KEY). The docker-compose provides default passwords (e.g., orchestrator123, orchestrator-meili-key-change-me). Requiring access to these credentials is proportional to the stated purpose, but omitting them from declared requirements and shipping default cleartext credentials is an operational and security concern.
Persistence & Privilege
The skill does not request 'always: true' (good), but running it starts an HTTP API, file watcher, and an MCP server exposing 100+ tools to connected agent clients. Combined with the documented default of 'no authentication' and the file-watcher/sync endpoints accepting arbitrary paths, this produces an elevated persistent local attack surface: a running orchestrator could be used (accidentally or maliciously) to index or expose host files and project secrets unless the user explicitly secures it (network access controls, auth reverse-proxy, limiting watched paths).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install project-orchestrator - After installation, invoke the skill by name or use
/project-orchestrator - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.2.0
Update docs and API
v0.1.1
WebSocket support, Chat API, Multi-Project Workspace system, Mock backends, API pagination/filters, GitHub Actions CI
v0.1.0
Initial release
Metadata
Frequently Asked Questions
What is Project Orchestrator?
AI agent orchestrator with Neo4j knowledge graph, Meilisearch search, and Tree-sitter parsing. Use for coordinating multiple coding agents on complex projects with shared context and plans. It is an AI Agent Skill for Claude Code / OpenClaw, with 2383 downloads so far.
How do I install Project Orchestrator?
Run "/install project-orchestrator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Project Orchestrator free?
Yes, Project Orchestrator is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Project Orchestrator support?
Project Orchestrator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Project Orchestrator?
It is built and maintained by reversTeam (@reversteam); the current version is v0.2.0.
More Skills