功能描述

Deploy the Agent HQ mission-control stack (Express + React + Telegram notifier / Jarvis summary) so other Clawdbot teams can spin up the same board, high-priority watcher, and alert automation. Includes setup, telemetry, and automation hooks.

使用说明 (SKILL.md)

Agent HQ Installation

Name: Agent HQ
Author: thibautrey

Summary

Backend + frontend: Express API with SQLite board + Vite/React UI served from frontend-react/dist.
Automation pieces: Jarvis summary (scripts/jarvis-connector.js), Telegram notifier (scripts/notify-jarvis-telegram.js + cron), plus a high-priority watcher inside backend/server.js.
Data: data/board.json seeds missions/agents/cards; the board persists in data/mission.db.
Notifications: config/telegram.json (or AGENT_HQ_TELEGRAM_* env vars) lets you send alerts to Telegram.

Setup steps

Clone the repo and install deps:

git clone https://github.com/thibautrey/agent-hq.git
cd agent-hq
npm install
npm --prefix frontend-react install

Edit config/telegram.json with your botToken/chatId (or set AGENT_HQ_TELEGRAM_TOKEN/AGENT_HQ_TELEGRAM_CHAT_ID). Keep this file secret.
Build the UI and start the server:
```
npm --prefix frontend-react run build
npm run start:agent-hq
```
The UI is served on / and the API lives under /api (default port 4000).
Configure cron jobs (Heartbeats + Telegram):
- Jarvis summary: node scripts/jarvis-connector.js or scripts/notify-jarvis-telegram.js --force as needed.
- Telegram notifier cron (see run-telegram-notifier.sh).
Use the UI to create cards or POST /api/cards//api/cards/quick to keep Jarvis busy.

Runtime commands

View board: curl http://localhost:4000/api/board
Trigger Telegram alert: curl -X POST http://localhost:4000/api/notify-telegram
Quick card: curl -X POST http://localhost:4000/api/cards/quick -H "Content-Type: application/json" -d '{"text":"Design review needed"}'
Jarvis summary: node scripts/jarvis-connector.js

Tips

Drop cards directly into data/board.json before first run for a seeded mission.
high_priority_jobs table in SQLite prevents duplicate Telegram alerts.
AGENT_HQ_API_TOKEN protects mutating endpoints for scripted integrations.

Release notes

2026-02-09 – Mission-control stack created, README translated to English, changelog added, and the Clawdhub installer skill [email protected] published (now mirrored with this manifest).

Enjoy running your own Mission Control.

安全使用建议

Before installing or running this skill: (1) Treat the GitHub repo as untrusted until you inspect it — review scripts (scripts/jarvis-connector.js, notify-jarvis-telegram.js, backend/server.js) for what network endpoints they call and what secrets they log or transmit. (2) Do not paste tokens into a repo or leave config/telegram.json world-readable; prefer environment variables or a secrets manager. (3) Because the registry metadata lists no required env vars, explicitly verify and document which secrets are needed and why. (4) Run the system in an isolated/test environment first (not on production machines) to observe cron/notification behavior. (5) Use minimal-permission Telegram bot tokens and rotate them after testing. (6) If you need higher assurance, ask the publisher for provenance (signed releases, exact commit/tag), or require the skill to include an install spec with vetted release artifacts.

功能分析

Type: OpenClaw Skill Name: agent-hq Version: 1.0.1 The skill instructs the agent to clone an external GitHub repository (`https://github.com/thibautrey/agent-hq.git`) and install its Node.js dependencies via `npm install`, introducing supply chain risks as the content of the external repository and its dependencies are not analyzed. Additionally, it instructs the agent to configure cron jobs for application automation, which establishes persistence. While these actions align with the stated purpose of deploying an application, they represent significant high-risk capabilities without clear evidence of intentional malicious behavior within the provided `SKILL.md`.

能力评估

ℹ Purpose & Capability

The described functionality (Express + React UI, Telegram notifier, Jarvis summary, SQLite DB, cron jobs) matches the skill name and description. However, the runtime instructions reference repository code and configuration values (bot token, chatId, API token) that the registry metadata does not declare, so the manifest and the runtime requirements are not fully aligned.

⚠ Instruction Scope

SKILL.md directs cloning an external GitHub repo and running its Node scripts, editing a local config file with secrets, and configuring cron jobs that will run notifier/summary scripts on a schedule. Those instructions cause the agent or user environment to execute code fetched at runtime and to persist secrets and periodic network activity (Telegram messages). The instructions do not insist you inspect code before running or provide safe defaults for secret handling.

ℹ Install Mechanism

There is no formal install spec in the registry, but the instructions require 'git clone' of an external GitHub repository and running 'npm install' and 'npm run build' — i.e., arbitrary third-party code will be written to disk and executed. Cloning from GitHub is common, but the skill metadata lists 'Source: unknown' (no provenance) which increases risk; the registry should either host or document provenance of the repository.

⚠ Credentials

The SKILL.md expects sensitive values (AGENT_HQ_TELEGRAM_TOKEN / AGENT_HQ_TELEGRAM_CHAT_ID and AGENT_HQ_API_TOKEN or config/telegram.json) but the skill's declared metadata lists no required environment variables or primary credential. That mismatch hides the need for secrets and makes it easy to accidentally store tokens insecurely. The number and type of secrets requested are proportionate to the described feature (Telegram, protected endpoints), but they should be declared and handled explicitly.

ℹ Persistence & Privilege

The skill is not force-enabled (always:false) and does not request platform-level privileges. However, instructions explicitly tell you to configure cron jobs and run background notifier/summary scripts, which create persistent behavior (scheduled outbound network activity). This persistence is expected for a notifier but raises usual operational/privacy considerations and should be opted into only after code inspection.

版本历史

v1.0.1

2026-02-09 release: README translation, changelog, new release notes

v1.0.0

Initial Agent HQ installer skill

元数据

Slug agent-hq

版本 1.0.1

许可证 —

累计安装 4

当前安装数 4

历史版本数 2

常见问题

Agent HQ 是什么？

Deploy the Agent HQ mission-control stack (Express + React + Telegram notifier / Jarvis summary) so other Clawdbot teams can spin up the same board, high-priority watcher, and alert automation. Includes setup, telemetry, and automation hooks. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1524 次。

如何安装 Agent HQ？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install agent-hq」即可一键安装，无需额外配置。

Agent HQ 是免费的吗？

是的，Agent HQ 完全免费（开源免费），可自由下载、安装和使用。

Agent HQ 支持哪些平台？

Agent HQ 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Agent HQ？

由 thibautrey（@thibautrey）开发并维护，当前版本 v1.0.1。

Agent HQ