← Back to Skills Marketplace

SEVO Pipeline

Name: SEVO Pipeline
Author: yuchangxu1989-openclaw

by yuchangxu · GitHub ↗ · v0.2.1 · MIT-0

cross-platform ⚠ suspicious

190

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install sevo

Description

SEVO — Agent 研发流水线。Spec-Execute-Verify-Operate: the agentic software delivery lifecycle for AI agent software production. Covers 8 stages from specification...

Usage Guidance

What to check before installing: - Confirm host dependencies: README expects Node.js, the OpenClaw CLI and an existing ~/.openclaw/openclaw.json. The registry metadata omits those—don't assume a safe default. - Inspect scripts/init.sh and index.js (plugin entry) before running the installer: the init script will register the plugin in openclaw.json, enable hooks and restart the gateway. Back up openclaw.json first. - Review the prompt-injection behavior: the plugin relies on before_prompt_build injection and recommends setting hooks.allowPromptInjection=true. If you are uncomfortable with automated prompt injection, keep that flag disabled or run the plugin in a sandbox first. - Audit for network / remote execution: search the codebase for outbound network calls (fetch/axios/http/https), child_process.exec/spawn, or hard-coded endpoints. Run the code in an isolated test environment or container if possible. - Use a safe deployment strategy: first run in a non-production OpenClaw instance or test workspace (empty agent pool), verify the plugin’s degraded/no-op behavior when dist/ compiled artifacts are absent, and confirm logs (logs/sevo-pipeline-events.jsonl) before enabling on production. - Principle of least privilege: limit the plugin's workspace permissions, and review what directories it will create (projects/sevo, data, logs). Consider running with only explicit agents configured (avoid single-agent mode where 'main' would execute all stages). Reason for suspicion: the package is internally coherent for its purpose, but the registry listing understates required host dependencies and the runtime instructions direct privileged configuration changes and prompt injection — all explainable, but worth an explicit human review and cautious, sandboxed rollout.

Capability Analysis

Type: OpenClaw Skill Name: sevo Version: 0.2.1 SEVO is a comprehensive and well-architected framework for managing the AI agent software delivery lifecycle (SDLC). The bundle includes a core engine (TypeScript), an OpenClaw plugin (JavaScript), and a Next.js dashboard for monitoring. While the plugin requires high-privilege permissions such as 'allowPromptInjection' and modifies the 'openclaw.json' configuration via 'scripts/init.sh', these actions are strictly aligned with its stated purpose of automating workflow transitions and injecting stage-specific instructions. The code demonstrates high engineering standards, including detailed Architecture Decision Records (ADRs) and extensive test suites. No evidence of data exfiltration, malicious persistence, or unauthorized remote execution was found.

Capability Tags

cryptocan-make-purchases

Capability Assessment

ℹ Purpose & Capability

The code and docs implement an OpenClaw plugin + full TypeScript SEVO engine (router, pipeline engine, gate, ledger, web UI). That matches the name/description. However the registry requirements claim no binaries or config are needed while README/SKILL.md and scripts assume Node.js, the OpenClaw CLI/gateway and an existing ~/.openclaw/openclaw.json; the metadata omits those host dependencies and the install steps that modify openclaw.json.

⚠ Instruction Scope

SKILL.md/README and plugin design instruct the plugin to read/write OpenClaw config and workspace files, intercept hooks (before_prompt_build, before_tool_call, subagent_ended), inject prompt content into the main session (auto-advance notices) and maintain local state files. These actions are within the stated purpose (a pipeline plugin) but are high-impact: they change host configuration, enable prompt injection, and can cause autonomous task spawning via the main session. The skill instructs enabling hooks.allowPromptInjection and registering the plugin in openclaw.json — both are privileged changes worth explicit human review.

ℹ Install Mechanism

There is no automated install spec in the registry, but the package contains an init script (scripts/init.sh) and README-guided install steps that will modify openclaw.json and restart the gateway. No external downloads from unknown hosts appear required (the repo references a GitHub clone as a convenience), but running the provided install script will make persistent changes on the host. Treat running the installer as a privileged action and inspect scripts/init.sh before executing.

✓ Credentials

The skill declares no credentials or env vars, and the codebase likewise does not demand cloud secrets in the manifest. Functionally it reads/writes files in an OpenClaw workspace and agent list (expected for a pipeline engine). That access level is proportional to the plugin's purpose. Note: the plugin asks to enable prompt-injection hooks (a config bit) which increases its ability to influence agent behavior but is a configuration change rather than a secret request.

⚠ Persistence & Privilege

The plugin persists runtime state (active-pipelines.json) and the SEVO engine persists pipeline state/artifacts in the workspace. The README/init steps will register the plugin in openclaw.json and restart the gateway, altering host configuration. The skill does not set always:true, but enabling prompt injection and registering hooks gives the plugin significant influence over main-session prompts and autonomous progression of pipelines — this is coherent with its purpose but is a privileged capability that should be explicitly consented to and audited.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install sevo
After installation, invoke the skill by name or use /sevo
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.2.1

v0.2.1 concurrent write lock, convergence loop, gate hardening, false-trigger prevention

v0.2.0

商用就绪: 34FR+8AC-D09+6NFR全实现, 并发写锁, 收敛循环, 门禁硬化, 三层路由, 陌生人UX审计通过

v1.0.0

v1.0.0: Full release with complete delivery pipeline — spec, review gates, contract design, implementation, code review, regression, deployment, verification, and delivery ledger

v0.1.0

Initial release: 11 pipeline stages, 346 tests, MIT license

v0.0.2

更新描述至最新项目定位

v0.0.1

Initial placeholder for SEVO — Agent 研发流水线 (Spec-Execute-Verify-Operate)

Metadata

Slug sevo

Version 0.2.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 6

Frequently Asked Questions

What is SEVO Pipeline?

SEVO — Agent 研发流水线。Spec-Execute-Verify-Operate: the agentic software delivery lifecycle for AI agent software production. Covers 8 stages from specification... It is an AI Agent Skill for Claude Code / OpenClaw, with 190 downloads so far.

How do I install SEVO Pipeline?

Run "/install sevo" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is SEVO Pipeline free?

Yes, SEVO Pipeline is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does SEVO Pipeline support?

SEVO Pipeline is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created SEVO Pipeline?

It is built and maintained by yuchangxu (@yuchangxu1989-openclaw); the current version is v0.2.1.

More Skills