← 返回 Skills 市场
henrikrexed

BMAD Orchestrator

作者 henrikrexed · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
475
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install bmad-orchestrator
功能描述
Orchestrate the full BMAD Method workflow across OpenClaw and Claude Code. Use when starting a new project with BMAD methodology, running BMAD phases (brains...
使用说明 (SKILL.md)

BMAD Orchestrator

Orchestrate the 4-phase BMAD Method (Breakthrough Method of Agile AI Driven Development) across OpenClaw ↔ Claude Code.

Architecture

  • Phases 1-3 (Interactive): Run through OpenClaw chat with the user. You facilitate brainstorming, refine the PRD, debate architecture. The user's ideas matter most here.
  • Party Mode: At key decision points, suggest running party mode on Claude Code — multiple BMAD agents debate the topic and produce richer output.
  • Phase 4 (Automated): Delegate to Claude Code via tmux on the dev VM. Monitor progress, report back.

Prerequisites

  • Claude Code installed on dev VM (accessible via SSH)
  • BMAD framework installed in the project (_bmad/ directory with agents, workflows, commands)
  • tmux available on the dev VM

State Tracking

Track workflow state in _bmad-output/orchestrator-state.yaml:

project: \x3Cname>
vm_host: \x3Cip>
vm_user: \x3Cuser>
project_path: \x3Cpath>
tmux_socket: /tmp/openclaw-tmux-sockets/openclaw.sock
tmux_session: bmad-\x3Cproject>
current_phase: 1|2|3|4
current_workflow: \x3Cworkflow-name>
artifacts:
  brainstorming_report: null|path
  product_brief: null|path  
  prd: null|path
  ux_spec: null|path
  architecture: null|path
  epics: null|path
  sprint_status: null|path
  project_context: null|path

Phase 1: Analysis (Interactive with User)

1.1 Brainstorming (bmad-brainstorming)

Run this conversationally with the user in OpenClaw chat:

  1. Ask: "What project are we building? Give me the elevator pitch."
  2. Explore the problem space — ask about users, pain points, existing solutions
  3. Challenge assumptions — play devil's advocate
  4. Suggest Party Mode: "Want me to run party mode on Claude Code? The BMAD agents (analyst, architect, PM, dev) will debate your idea and surface things we might miss."
  5. If party mode → send /bmad-brainstorming to Claude Code, capture output, share highlights
  6. Synthesize into key decisions and themes
  7. Produce: brainstorming-report.md

1.2 Research (bmad-bmm-research) — Optional

If the project needs market/technical/domain validation:

  1. Discuss with user what needs validation
  2. Send research workflow to Claude Code for heavy lifting
  3. Review findings together

1.3 Product Brief (bmad-bmm-create-product-brief)

  1. Start from brainstorming output
  2. Walk through with user: vision, target users, success metrics, scope
  3. Suggest Party Mode: "The PM and analyst agents can stress-test this brief. Run it?"
  4. If party mode → send command, capture debate highlights
  5. Iterate until user approves
  6. Produce: product-brief.md

Phase 2: Planning (Interactive with User)

2.1 PRD (bmad-bmm-create-prd)

  1. Load product brief as context
  2. Walk through requirements with user section by section:
    • Functional requirements (FRs)
    • Non-functional requirements (NFRs)
    • User journeys
    • Success metrics
  3. Suggest Party Mode: "PM + architect + QA can review these requirements together. Good time to catch gaps."
  4. If party mode → send command, share findings
  5. Iterate until user signs off
  6. Produce: prd.md

2.2 UX Design (bmad-bmm-create-ux-design) — If applicable

Only for projects with UI. Skip for backend/infrastructure tools.

Phase 3: Solutioning (Interactive with User)

3.1 Architecture (bmad-bmm-create-architecture)

  1. Load PRD as context
  2. Discuss technical decisions with user:
    • Language/framework choices
    • Deployment model
    • Key patterns and trade-offs
    • ADRs (Architecture Decision Records)
  3. Suggest Party Mode: "Architect + dev + QA debating the architecture will surface implementation risks early."
  4. If party mode → send command, share the debate
  5. Iterate with user
  6. Produce: architecture.md with ADRs

3.2 Epics & Stories (bmad-bmm-create-epics-and-stories)

  1. Load architecture + PRD
  2. Present epic breakdown to user for review
  3. Discuss story sizing, priorities, dependencies
  4. Produce: epics.md with stories

3.3 Readiness Check (bmad-bmm-check-implementation-readiness)

  1. Send to Claude Code for automated gate check
  2. Share result: PASS / CONCERNS / FAIL
  3. If CONCERNS/FAIL → discuss with user, fix gaps
  4. Produce: readiness report

3.4 Project Context (bmad-bmm-generate-project-context)

  1. Send to Claude Code after architecture is finalized
  2. Review output with user
  3. Produce: project-context.md

Phase 4: Implementation (Automated via Claude Code)

4.0 Setup

See references/tmux-setup.md for tmux session initialization.

4.1 Sprint Planning

Send to Claude Code:

/bmad-bmm-sprint-planning

Capture and save sprint-status.yaml.

4.2 Story Loop (per epic)

For each epic, for each story:

  1. Create Story: Send /bmad-bmm-create-story → produces story-[slug].md
  2. Dev Story: Send /bmad-bmm-dev-story → implements code + tests
  3. Code Review: Send /bmad-bmm-code-review → validates quality
  4. If review fails → send fixes back, re-review
  5. Update sprint status
  6. Commit after each story

4.3 Epic Completion

After all stories in an epic:

  1. Send /bmad-bmm-retrospective for lessons learned
  2. Optionally run /bmad-bmm-automate for E2E test generation
  3. Commit and update sprint status

4.4 Monitoring

Set up a cron job to monitor Claude Code progress every 15 minutes. Report status updates to user via chat.

Party Mode Integration

Party mode simulates a multi-agent discussion in Claude Code. Use it at these moments:

When Why Command
After brainstorming Surface blind spots /bmad-party-mode with brainstorming context
After product brief Stress-test the vision /bmad-party-mode with brief
During PRD review Catch requirement gaps /bmad-party-mode with PRD draft
Architecture decisions Debate trade-offs /bmad-party-mode with architecture

To trigger party mode on Claude Code:

tmux send-keys -l -- "/bmad-party-mode" && sleep 0.3 && tmux send-keys Enter

Capture output, extract key insights, present to user.

Claude Code Commands Reference

See references/bmad-commands.md for the full command list.

Quick Flow (Skip Phases 1-3)

For small, well-understood work:

  1. /bmad-bmm-quick-spec → tech-spec.md
  2. /bmad-bmm-quick-dev → implementation

Only use when user explicitly says the project is simple and well-understood.

Sending Commands to Claude Code

See references/tmux-setup.md for the tmux interaction patterns.

Key rules:

  • Split text and Enter with a delay (Claude Code TUI timing)
  • Use capture-pane -S -200 to read output
  • Wait for idle prompt before sending next command
  • Use C-c to interrupt if stuck
安全使用建议
This skill coordinates a local chat workflow with a remote dev VM running Claude Code via SSH/tmux, and its instructions explicitly tell the remote VM to run 'npx @anthropic-ai/claude-code --dangerously-skip-permissions' and auto-accept the permissions prompt. Before installing or using: (1) confirm you trust the remote VM and the maintainer of the BMAD framework; (2) do not provide SSH keys or credentials unless you intend to grant full control of that VM; (3) avoid running the recipe that uses --dangerously-skip-permissions — prefer to install and authorize Claude Code manually and verify permissions yourself; (4) be cautious about allowing the skill to create cron jobs or persistent tmux sockets that can exfiltrate output; (5) if you still want to use it, run the commands manually in a controlled environment (or a throwaway VM) first and audit what files the orchestration reads/writes. The metadata should have declared the need for SSH credentials and persistent remote access — their absence is a red flag.
功能分析
Type: OpenClaw Skill Name: bmad-orchestrator Version: 1.0.0 The skill is highly suspicious due to critical shell injection vulnerabilities identified in `references/tmux-setup.md`. The OpenClaw agent is instructed to construct and execute `ssh` commands using variables like `VM_HOST`, `VM_USER`, and `PROJECT_PATH` (derived from user input via `orchestrator-state.yaml`) without apparent sanitization. Furthermore, the pattern for sending multi-line prompts, `ssh ... "$(cat /tmp/prompt.txt)"`, allows for arbitrary command execution on the remote VM if `prompt.txt` contains unsanitized user-controlled data. These flaws enable a prompt injection attack against the OpenClaw agent, leading to Remote Code Execution on the target development VM.
能力评估
Purpose & Capability
The skill's name and description align with the instructions: it coordinates interactive phases locally and delegates implementation to a remote Claude Code instance via tmux/SSH. Expectation of tmux, Claude Code, and a dev VM is reasonable. However, the skill does not declare that it requires SSH credentials, access to the remote VM, or the ability to create cron jobs — capabilities that are necessary to fulfil the described purpose.
Instruction Scope
SKILL.md instructs the agent to run multiple SSH/scp/tmux commands, create socket dirs and sessions, read/write remote files, set up a cron job to monitor progress, and capture remote output for reporting. It also explicitly instructs booting Claude Code with the flag --dangerously-skip-permissions and auto-selecting the permission prompt. These actions go beyond simple orchestration: they grant a skill the ability to control a remote VM, persist background monitoring, and bypass an agent's permission UX. The instructions also reference environment-like variables (VM_HOST, VM_USER, PROJECT_PATH) but those are not declared as required inputs.
Install Mechanism
There is no install spec (instruction-only), which is low-risk in itself, but the tmux setup explicitly runs 'npx @anthropic-ai/claude-code --dangerously-skip-permissions' on the remote VM. That instructs downloading and running code via npm on the remote host and using an explicit flag to skip permissions — a higher-risk operation that the skill neither declares nor mitigates.
Credentials
The skill requires implicit access to an SSH-able dev VM (host, user, and keys/passwords) and to the remote filesystem (to read/write _bmad-output and /tmp prompt files), yet requires.env and primary credential fields are empty. Requiring remote control and the ability to create cron jobs is a significant privilege that is not declared or justified in the metadata.
Persistence & Privilege
The instructions create persistent artifacts on the remote VM: tmux sessions/sockets and a cron job that polls and reports status every 15 minutes. While persistence can be appropriate for long-running orchestration, combined with the permission-bypass flag and undeclared credential requirements this increases the blast radius and should be explicitly requested and reviewed.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install bmad-orchestrator
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /bmad-orchestrator 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
bmad-orchestrator 1.0.0 – Initial Release - Introduces orchestration of the full 4-phase BMAD development workflow (Analysis, Planning, Solutioning, Implementation) across OpenClaw and Claude Code. - Supports interactive BMAD phases (1–3) via OpenClaw chat with user, and delegates automated implementation (phase 4) to Claude Code using tmux sessions. - Integrates party mode: enables multi-agent debates for richer brainstorming, PRD, and architecture discussions. - Tracks project and workflow state in a YAML file for continuity and transparency. - Provides step-by-step guidance, command references, and automation patterns for sending/monitoring tasks in Claude Code.
元数据
Slug bmad-orchestrator
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

BMAD Orchestrator 是什么?

Orchestrate the full BMAD Method workflow across OpenClaw and Claude Code. Use when starting a new project with BMAD methodology, running BMAD phases (brains... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 475 次。

如何安装 BMAD Orchestrator?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install bmad-orchestrator」即可一键安装,无需额外配置。

BMAD Orchestrator 是免费的吗?

是的,BMAD Orchestrator 完全免费(开源免费),可自由下载、安装和使用。

BMAD Orchestrator 支持哪些平台?

BMAD Orchestrator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 BMAD Orchestrator?

由 henrikrexed(@henrikrexed)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论