← 返回 Skills 市场
curbob

Agent Pipeline

作者 Curbob · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
424
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install agent-pipeline
功能描述
Manages code task workflow by spawning sub-agents for research, coding, reviewing, security audit, testing, and committing with detailed logging and updates.
使用说明 (SKILL.md)

Agent Pipeline Skill

Standard development workflow for code tasks using spawned sub-agents.

Pipeline Order

[Researcher] → Coder → Reviewer → Security → Tester → Commit

Researcher (optional)

  • Use when: new APIs, unfamiliar tech, "figure out how" tasks
  • Gathers context, reads existing code patterns, documents findings

Coder

  • Writes the code changes
  • Does NOT commit or push
  • Creates branch if needed
  • Runs build to verify compilation

Reviewer

  • Runs git diff to review all changes
  • Checks: code quality, patterns, minimal scope, consistency
  • Reports PASS or FAIL

Security

  • Audits for: injection, XSS, auth issues, data exposure, CSRF
  • Reports PASS or FAIL

Tester

  • Verifies build compiles (0 errors)
  • Structural checks (files exist, actions registered, links correct)
  • Reports PASS or FAIL

Commit

  • Done by DevJarvis (main agent), not a sub-agent
  • Commit with descriptive message
  • Push to feature branch
  • Update Planner task with dev notes

Rules

  • ALWAYS log to the board before, during, and after
  • Create board item under the relevant project category
  • Each agent gets clear, specific instructions
  • Agents use agentId matching their role (coder, reviewer, security, tester, researcher)
  • If an agent fails, fix the issue and re-run that stage
  • Auth: all agents need auth-profiles.json copied from main agent

Board API

  • Create item: POST http://10.0.0.40:3000/api/board/projects/{project}/items
  • Body: {"title": "...", "status": "in-progress", "detail": "..."}

Planner Updates

  • Update task description with branch name, changes summary, pipeline results
  • Add comments for back-and-forth with Rich

Branch Naming

  • feature/{short-description}
  • Always branch from master
  • Rich handles merges to master
安全使用建议
Before installing, ask the skill author for clarifications: (1) Why does the pipeline need 'auth-profiles.json' from the main agent? That grants broad access to the agent's credentials — request a token-based, least-privilege alternative scoped to board/planner actions. (2) What is the board API at 10.0.0.40:3000? Confirm it is an expected internal endpoint (and prefer HTTPS with authentication), or change the URL to a configurable, declared endpoint. (3) Require the skill to declare any config paths or environment variables it needs (so you can review and isolate them). If you must use this skill in production, run it in an isolated environment with minimal permissions, require explicit per-agent credentials, and audit any logs or network traffic to ensure no secrets are being transmitted unexpectedly.
功能分析
Type: OpenClaw Skill Name: agent-pipeline Version: 1.0.0 The skill defines a development workflow for agents. The primary concern is the instruction in `SKILL.md` for sub-agents to copy `auth-profiles.json` from the main agent. This exposes sensitive authentication credentials to potentially less secure sub-agent environments, creating a significant data exposure vulnerability. While the skill also instructs agents to make network calls to an internal API for logging, which demonstrates network access capabilities, the explicit exposure of `auth-profiles.json` is a critical design flaw that could lead to credential theft if a sub-agent is compromised.
能力评估
Purpose & Capability
The skill claims to orchestrate a development pipeline and log to a project board, which can justify some network calls and metadata updates. However, it also instructs agents to copy 'auth-profiles.json' from the main agent (accessing another agent's auth/config) and to POST to http://10.0.0.40:3000 — neither of these are declared in the skill's requirements. Requesting access to the main agent's credentials is not necessary for basic pipeline coordination and is disproportionate to the stated purpose unless this is explicitly an on-prem, single-tenant setup.
Instruction Scope
The SKILL.md explicitly tells agents to copy 'auth-profiles.json' from the main agent and to POST pipeline logs to an internal board API at a private IP. It also instructs agents to run git diff, build/compile, create branches, and push. Directives to access another agent's auth file and to transmit detailed pipeline data to an undeclared network endpoint expand scope beyond typical orchestration guidance and may lead to leaking credentials or sensitive repo data.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by an installer. That reduces installation risk compared with skills that download and execute code.
Credentials
The skill declares no required env vars or config paths yet requires copying 'auth-profiles.json' from the main agent and interacting with a board API. Asking agents to access another agent's auth bundle is a high-privilege action not supported by declared requirements and is disproportionate. There is no guidance about authentication to the board API or planner, nor any least-privilege credential model.
Persistence & Privilege
The skill does not request always: true and is user-invocable (normal). However, it instructs agents to obtain the main agent's auth file (accessing credentials belonging to another agent), which is a privilege escalation of sorts even though the skill itself doesn't persist or modify system-wide configs in its spec.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install agent-pipeline
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /agent-pipeline 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release introducing the Agent Pipeline Skill. - Defines a modular workflow for code tasks using specialized sub-agents: Researcher, Coder, Reviewer, Security, Tester, and Commit. - Enforces a strict stage order and clear responsibilities for each agent. - Integrates board logging and planner updates throughout the workflow. - Standardizes branch naming and communication protocols. - Includes security and structural checks as core pipeline stages.
元数据
Slug agent-pipeline
版本 1.0.0
许可证
累计安装 2
当前安装数 1
历史版本数 1
常见问题

Agent Pipeline 是什么?

Manages code task workflow by spawning sub-agents for research, coding, reviewing, security audit, testing, and committing with detailed logging and updates. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 424 次。

如何安装 Agent Pipeline?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install agent-pipeline」即可一键安装,无需额外配置。

Agent Pipeline 是免费的吗?

是的,Agent Pipeline 完全免费(开源免费),可自由下载、安装和使用。

Agent Pipeline 支持哪些平台?

Agent Pipeline 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Agent Pipeline?

由 Curbob(@curbob)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论