← 返回 Skills 市场
Ai Specialists
作者
Erik Ashby
· GitHub ↗
· v1.1.0
690
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install ai-specialists
功能描述
Interact with AI Specialists via the AI Specialists Hub MCP endpoint. Use when the user asks about any of their AI specialists (e.g. Ruby, Peter, Benjamin, M...
使用说明 (SKILL.md)
AI Specialists Hub - MCP Integration
Connection
Call the MCP endpoint via HTTP POST. The endpoint URL is stored in TOOLS.md or provided by the user.
curl -s -X POST "$MCP_URL" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"TOOL_NAME","arguments":{...}}}'
Critical headers: Must include Accept: application/json, text/event-stream or the server returns 406.
Response format: SSE — parse with: response.split('data: ')[1] → JSON → result.content[0].text
Available Tools
Discovery & Management
| Tool | Required Params | Description |
|---|---|---|
list_specialists |
— | List all hired specialists |
list_specialist_types |
— | List available specialist types |
hire_specialist |
type, name |
Hire a new specialist |
dismiss_specialist |
specialist |
Remove a specialist |
import_specialist |
url |
Import from GitHub URL |
get_specialist_overview |
specialist |
Get specialist summary |
Workspace Navigation
| Tool | Required Params | Description |
|---|---|---|
explore_specialist_tree |
specialist |
Full folder/file tree |
list_specialist_folder |
specialist, folder_path |
List folder contents |
Document Operations
| Tool | Required Params | Description |
|---|---|---|
read_specialist_document |
specialist, document_path |
Read one document |
read_specialist_documents |
specialist, document_paths (array) |
Bulk read multiple docs |
update_specialist_document |
specialist, document_path, content |
Create or update a doc |
delete_specialist_document |
specialist, document_path |
Delete a document |
Folder Operations
| Tool | Required Params | Description |
|---|---|---|
create_specialist_folder |
specialist, folder_path |
Create folder (recursive) |
delete_specialist_folder |
specialist, folder_path |
Delete folder and contents |
Parameter note: The specialist identifier is always the id field from list_specialists, not the display name. Use lowercase (e.g. ruby, peter, benjamin).
Working with a Specialist
Every specialist has an ai-instructions/ folder containing their identity and behavioral instructions. Always read these first when working with a specialist you haven't loaded yet:
ai-instructions/
├── core-instructions.md # Who they are, what they do, how they behave
└── getting_started.md # Initialization sequence, workspace structure
Pattern: First interaction with a specialist
list_specialists→ find the specialist idread_specialist_documents→ readai-instructions/core-instructions.mdandai-instructions/getting_started.md- Understand their domain, workspace structure, and communication style
explore_specialist_tree→ see their full workspace- Now you can work with their data informed by their context
Pattern: Quick data retrieval
explore_specialist_tree→ find the files you needread_specialist_documents→ bulk read (more efficient than individual reads)- Summarize for the user
Pattern: Updating specialist data
- Read the existing document first
- Modify content as needed
update_specialist_document→ write back (creates if new, overwrites if existing)- For new folders:
create_specialist_folderfirst, then write documents into it
User Signup (Agent-Initiated Onboarding)
If your human doesn't have an AI Specialists Hub account yet, you can create one via the public signup API:
curl -s -X POST "https://aispecialistshub.com/api/v1/signup" \
-H "Content-Type: application/json" \
-d '{"username":"\x3Cusername>","email":"\x3Cemail>","password":"\x3Cpassword>"}'
Response (201):
{
"username": "...",
"mcpKey": "...",
"accountStatus": "unverified",
"specialistLimit": 2,
"message": "..."
}
⚠️ CRITICAL: Credential Handoff
You MUST provide all credentials to the human. Whether you auto-generate the username/email/password or ask the human to choose them, the human must receive:
- Username — for web dashboard login at aispecialistshub.com
- Email — used for account verification
- Password — for web dashboard login
- MCP key — for connecting AI tools to their specialists
Never keep credentials from the human. They own the account. Present all four clearly after signup.
Unverified Accounts
- Limited to 2 specialists (default: Friday is auto-hired)
- Full MCP access — specialists work immediately
- Can log in to web dashboard with username/password
- Verify email for full access (more specialists)
Signup Flow
- Confirm the human wants an AI Specialists Hub account
- Collect or generate: username, email, password
- Call
POST /api/v1/signup - Give the human ALL credentials (username, email, password, MCP key)
- Store the MCP endpoint URL in your config:
https://aispecialistshub.com/api/v1/mcp/\x3Cusername>/\x3CmcpKey> - Start using specialists via MCP
Configuration
Store the MCP endpoint URL in TOOLS.md:
### AI Specialists Hub
- MCP endpoint: https://aispecialistshub.com/api/v1/mcp/\x3Cuser>/\x3Ckey>
See references/specialists-guide.md for details on specialist workspace conventions.
安全使用建议
This skill appears to do what it says (talk to an AI Specialists MCP endpoint) but has a few red flags you should consider before installing:
- Verify the external service: aispecialistshub.com is the endpoint used for signup and MCP calls. Confirm you trust this domain and its operators before allowing the agent to create accounts or send data to it.
- Tooling mismatch: the bundled script requires curl and python3 even though the skill metadata lists no required binaries. Ensure those binaries are present and review the script before running it.
- Credentials handling: the skill supports agent-initiated signup and instructs the agent to generate/collect username, email, password, and an mcpKey, then store an MCP URL (containing the key) in TOOLS.md. Decide whether you want the agent creating accounts on your behalf and whether storing keys in TOOLS.md (likely plaintext) is acceptable. If not, require manual signup and manual injection of the MCP URL.
- Least privilege: if you proceed, restrict network access where possible, require human approval before auto-signup, and avoid letting the agent persist credentials to public or shared repositories.
If you want higher confidence, ask the skill author to (1) update metadata to declare required binaries (curl, python3), (2) document why credentials must be stored in TOOLS.md and offer a safer storage option, and (3) provide an audited privacy/security statement for aispecialistshub.com. If those items are addressed, the skill would be closer to benign.
功能分析
Type: OpenClaw Skill
Name: ai-specialists
Version: 1.1.0
The skill is suspicious due to several capabilities that, while not inherently malicious, present significant vulnerabilities if exploited via prompt injection. The `scripts/mcp-call.sh` script directly executes `curl` with a URL provided as an argument, making it susceptible to Server-Side Request Forgery (SSRF) or arbitrary network requests if the agent's `$MCP_URL` variable can be manipulated. Additionally, the `SKILL.md` describes an `import_specialist` tool that takes a `url` parameter, which could be exploited for supply chain attacks if the agent is prompted to import from an untrusted source. These are critical vulnerabilities, not intentional malice.
能力评估
Purpose & Capability
The skill claims no required binaries or environment variables, but includes a shell helper (scripts/mcp-call.sh) that clearly depends on curl and python3. That discrepancy (packaging says 'none' but shipped code requires network and Python tooling) is unexpected and should be explained by the author.
Instruction Scope
SKILL.md directs the agent to call an external MCP endpoint (https://aispecialistshub.com) and to perform agent-initiated account signup (generate/collect username, email, password) and to store the resulting MCP endpoint URL in TOOLS.md. Asking the agent to create accounts and handle credentials, and to persist them into a repo/config file, broadens the skill's operational scope and raises privacy/storage concerns.
Install Mechanism
This is an instruction-only skill (no install spec). Nothing is downloaded or extracted during install, which reduces supply-chain risk. The included script will be available but not auto-installed.
Credentials
The skill does not request environment variables or external credentials up front, which is consistent. However, it instructs creating accounts that produce sensitive credentials (username/password/mcpKey) and to persist the MCP URL (containing a key) in TOOLS.md — this is sensitive and should be treated as such. The skill does not justify why credentials must be stored in a plain TOOLS.md file.
Persistence & Privilege
always:false and normal invocation settings are appropriate. The skill asks the agent to write the MCP endpoint into TOOLS.md (agent config/documentation) — this is a modest persistence action but not an elevated platform-level privilege. Consider whether storing keys in TOOLS.md is acceptable in your environment.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ai-specialists - 安装完成后,直接呼叫该 Skill 的名称或使用
/ai-specialists触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Added user signup endpoint docs and credential handoff requirements for agent-initiated onboarding
v1.0.0
Initial release: MCP integration for AI Specialists Hub. Connect any OpenClaw agent to your specialists for persistent memory and domain expertise.
元数据
常见问题
Ai Specialists 是什么?
Interact with AI Specialists via the AI Specialists Hub MCP endpoint. Use when the user asks about any of their AI specialists (e.g. Ruby, Peter, Benjamin, M... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 690 次。
如何安装 Ai Specialists?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ai-specialists」即可一键安装,无需额外配置。
Ai Specialists 是免费的吗?
是的,Ai Specialists 完全免费(开源免费),可自由下载、安装和使用。
Ai Specialists 支持哪些平台?
Ai Specialists 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Ai Specialists?
由 Erik Ashby(@erikashby)开发并维护,当前版本 v1.1.0。
推荐 Skills