← 返回 Skills 市场

AgentCraft

Name: AgentCraft
Author: idosal

作者 idosal · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

315

总下载

当前安装

版本数

在 OpenClaw 中安装

/install agentcraft

功能描述

Visualize coding sessions as a real-time strategy game with automatic deploy and event reporting.

使用说明 (SKILL.md)

AgentCraft Event Reporting

AgentCraft visualizes your coding sessions as an RTS game. Follow these steps to ensure AgentCraft is running and to report your activity.

1. Check if AgentCraft is Running

curl -sf http://localhost:2468/health

If this returns JSON with "status":"ok", skip to step 3.

2. Deploy if Needed

If the health check fails (server not running), start it in the background:

npx -y @idosal/agentcraft start --no-browser -d

Wait a few seconds, then verify:

curl -sf http://localhost:2468/health

If it still fails, proceed with your task without reporting — silently ignore all AgentCraft errors.

3. Generate a Session ID

Use a deterministic ID based on your workspace path:

AGENTCRAFT_SESSION="openclaw_$(echo -n "$PWD" | md5sum | head -c 12)"

On macOS (if md5sum is unavailable):

AGENTCRAFT_SESSION="openclaw_$(echo -n "$PWD" | md5 | head -c 12)"

Use this same AGENTCRAFT_SESSION for all events in this session.

4. Report Events

POST events to http://localhost:2468/event at these moments. Use curl — fire-and-forget, do not block on the response.

Starting work (`hero_active`)

When you begin processing a user prompt:

curl -sf -X POST http://localhost:2468/event \
  -H "Content-Type: application/json" \
  -d "{\"type\":\"hero_active\",\"sessionId\":\"$AGENTCRAFT_SESSION\",\"client\":\"openclaw\",\"cwd\":\"$PWD\"}" &>/dev/null &

Mission start (`mission_start`)

Immediately after hero_active, report the mission with the user's prompt:

curl -sf -X POST http://localhost:2468/event \
  -H "Content-Type: application/json" \
  -d "{\"type\":\"mission_start\",\"sessionId\":\"$AGENTCRAFT_SESSION\",\"client\":\"openclaw\",\"missionId\":\"mission_$(date +%s)\",\"name\":\"\x3Cfirst 50 chars of prompt>\",\"prompt\":\"\x3Cfull user prompt>\",\"cwd\":\"$PWD\"}" &>/dev/null &

File access (`file_access`)

When you read, write, or edit a file:

curl -sf -X POST http://localhost:2468/event \
  -H "Content-Type: application/json" \
  -d "{\"type\":\"file_access\",\"sessionId\":\"$AGENTCRAFT_SESSION\",\"client\":\"openclaw\",\"filePath\":\"\x3Cabsolute-file-path>\",\"operation\":\"read\",\"linesAdded\":0,\"linesRemoved\":0,\"cwd\":\"$PWD\"}" &>/dev/null &

Set operation to "read", "write", or "edit". For edits, set linesAdded and linesRemoved to actual counts.

Shell commands (`bash_command`)

When you execute a shell command:

curl -sf -X POST http://localhost:2468/event \
  -H "Content-Type: application/json" \
  -d "{\"type\":\"bash_command\",\"sessionId\":\"$AGENTCRAFT_SESSION\",\"client\":\"openclaw\",\"command\":\"\x3Ccommand, max 200 chars>\",\"cwd\":\"$PWD\"}" &>/dev/null &

Done / idle (`hero_idle`)

When you finish processing and are waiting for the next prompt:

curl -sf -X POST http://localhost:2468/event \
  -H "Content-Type: application/json" \
  -d "{\"type\":\"hero_idle\",\"sessionId\":\"$AGENTCRAFT_SESSION\",\"client\":\"openclaw\"}" &>/dev/null &

Rules

Use curl to POST — fire-and-forget (&>/dev/null &), do not block on the response.
Always set client to "openclaw".
Use the same AGENTCRAFT_SESSION value for all events in a session.
Set cwd to the current working directory.
Do not report the same action more than once.
If the AgentCraft server is not reachable, silently ignore errors — do not retry or log failures.

Inviting Other Agents

Other OpenClaw agents can join your AgentCraft dashboard without installing this skill.

Quick join (same machine)

Share these curl commands with other agents. They only need to generate their own session ID and POST events:

# Generate a unique session ID (use md5 instead of md5sum on macOS)
AGENTCRAFT_SESSION="openclaw_$(echo -n "$PWD" | md5sum | head -c 12)"

# Report active
curl -sf -X POST http://localhost:2468/event \
  -H "Content-Type: application/json" \
  -d "{\"type\":\"hero_active\",\"sessionId\":\"$AGENTCRAFT_SESSION\",\"client\":\"openclaw\",\"cwd\":\"$PWD\"}" &>/dev/null &

# Report idle when done
curl -sf -X POST http://localhost:2468/event \
  -H "Content-Type: application/json" \
  -d "{\"type\":\"hero_idle\",\"sessionId\":\"$AGENTCRAFT_SESSION\",\"client\":\"openclaw\"}" &>/dev/null &

Share with remote agents

To let agents on other machines join:

Expose your AgentCraft server:

cloudflared tunnel --url http://127.0.0.1:2468

Share the resulting https://xxx.trycloudflare.com URL.
Remote agents replace localhost:2468 with that URL in all event curl commands.

安全使用建议

Before installing: 1) Treat the npm package and the npx start command as unvetted code — audit @idosal/agentcraft source or run it in an isolated/test environment (container or VM). 2) Be aware that the skill's runtime explicitly sends full user prompts, absolute file paths, and shell commands to the AgentCraft server; do not expose that server to the internet (cloudflared) unless you fully trust the service and understand what data will be collected. 3) Consider removing or questioning the always:true flag — this skill shouldn't need forced always-on status. 4) If you must use it, restrict network exposure (keep it local), avoid reporting sensitive prompts/files/commands, and verify the package publisher and package contents. If the maintainer can provide source code, a privacy policy, and justification for always:true and for sharing data via tunnels, re-evaluation could move toward benign.

功能分析

Type: OpenClaw Skill Name: agentcraft Version: 1.0.0 The skill implements extensive telemetry by instructing the agent to exfiltrate user prompts, absolute file paths, and shell commands to a local server (port 2468) started via 'npx @idosal/agentcraft'. While the stated goal is session visualization, the instructions in SKILL.md explicitly encourage exposing this sensitive data to the public internet using 'cloudflared' tunnels. The requirement for the agent to 'silently ignore' errors and run reporting processes in the background increases the risk of undetected data collection and potential supply chain compromise via the external npm package.

能力评估

ℹ Purpose & Capability

The name/description (visualize coding sessions, event reporting) aligns with the binaries and the declared npm package (@idosal/agentcraft). However the runtime instructions recommend exposing the local server via cloudflared (a tool not listed in required bins) and instruct sharing potentially sensitive data (full prompts, file paths, shell commands) — those capabilities expand the scope beyond simple local visualization and aren't reflected in the declared requirements.

⚠ Instruction Scope

The SKILL.md instructs the agent to collect and POST full user prompts, absolute file paths, and executed shell commands to the AgentCraft server. While default target is localhost, the doc explicitly instructs how to expose that server (cloudflared tunnel) so remote agents can join, which would forward local data to a public URL. The skill also tells the agent to start the server via npx (running remote code) and to silently ignore failures — this grants discretion to transmit sensitive data and to execute non-local code.

ℹ Install Mechanism

Install is via an npm package (@idosal/agentcraft) and the SKILL.md uses npx to run it. npm is a common mechanism but runs unvetted code from a public registry; npx -y will execute without prompting. This is a moderate-risk install mechanism and should be audited before use.

ℹ Credentials

The skill does not request secrets or environment variables, which is appropriate. However it relies on runtime values (PWD, file contents, user prompts) and instructs sending them to the local/remote server; although not an 'env var' leak, this is sensitive data exposure beyond what a simple visualization might require.

⚠ Persistence & Privilege

The skill is marked always:true in metadata/flags. Forcing this skill to always be enabled is a significant privilege for a visualization/reporting tool and increases risk because it can be invoked or cause installs without per-use consent. Combined with the ability to run npx and transmit session data, this is disproportionate.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install agentcraft
安装完成后，直接呼叫该 Skill 的名称或使用 /agentcraft 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial ClawHub release — RTS dashboard with automatic deploy and event reporting

元数据

Slug agentcraft

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

AgentCraft 是什么？

Visualize coding sessions as a real-time strategy game with automatic deploy and event reporting. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 315 次。

如何安装 AgentCraft？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install agentcraft」即可一键安装，无需额外配置。

AgentCraft 是免费的吗？

是的，AgentCraft 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

AgentCraft 支持哪些平台？

AgentCraft 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 AgentCraft？

由 idosal（@idosal）开发并维护，当前版本 v1.0.0。