功能描述

Install, configure, and use Corust Agent (corust-agent-acp) — an ACP-compatible coding agent. Use when: the user wants to install, configure, set up, or use...

使用说明 (SKILL.md)

Corust Agent Skill

Name: Corust Agent Configure
Author: phoenix500526

Install and configure corust-agent-acp, an ACP-compatible coding agent by Corust AI.

When to Use

✅ USE this skill when:

User wants to install or update corust-agent-acp
User wants to configure corust / corust-agent in OpenClaw
User says "install corust", "configure corust-agent", "use corust-agent-acp", or similar
User wants to run corust-agent via ACP on Discord or other channels

❌ DON'T use this skill when:

User is asking about other ACP agents (claude, codex, gemini)
User is troubleshooting general ACP/acpx issues unrelated to Corust

Setup Steps

Follow these steps in order to install and configure corust-agent-acp.

Step 1: Download and Install the Binary

Detect the current platform and architecture:
- macOS ARM (Apple Silicon / M1+): darwin-arm64
- macOS Intel: darwin-amd64
- Linux x86_64: linux-amd64
- Linux ARM64: linux-arm64
Ask the user where they want to install the binary. Default: $HOME/corust.

Download the latest release from GitHub:

# Example for macOS Apple Silicon
mkdir -p "$HOME/corust"
curl -fSL "https://github.com/Corust-ai/corust-agent-release/releases/latest/download/agent-darwin-arm64.tar.gz" \
  -o /tmp/corust-agent.tar.gz
tar -xzf /tmp/corust-agent.tar.gz -C "$HOME/corust"
chmod +x "$HOME/corust/corust-agent-acp"
rm /tmp/corust-agent.tar.gz

Adjust the archive name based on detected platform:

agent-darwin-arm64.tar.gz — macOS Apple Silicon
agent-darwin-amd64.tar.gz — macOS Intel
agent-linux-amd64.tar.gz — Linux x86_64
agent-linux-arm64.tar.gz — Linux ARM64

Verify the binary works:

"$HOME/corust/corust-agent-acp" --version

Step 2: Configure acpx

Write the following to ~/.acpx/config.json (create the file and directory if they don't exist). Replace $HOME with the actual resolved home directory path.

{
  "agents": {
    "corust-agent-acp": { "command": "$HOME/corust/corust-agent-acp" }
  }
}

Important: If ~/.acpx/config.json already exists and contains other agent entries, merge the corust-agent-acp entry into the existing agents object rather than overwriting the file.

mkdir -p ~/.acpx
# Read existing config, merge, and write back

Step 3: Configure OpenClaw

Add the following configuration to ~/.openclaw/openclaw.json. Use openclaw config set commands or edit the file directly. Merge into existing config — do not overwrite unrelated sections.

ACP configuration:

{
  "acp": {
    "enabled": true,
    "dispatch": {
      "enabled": true
    },
    "backend": "acpx",
    "defaultAgent": "corust-agent-acp",
    "allowedAgents": [
      "corust-agent-acp"
    ],
    "maxConcurrentSessions": 8,
    "stream": {
      "coalesceIdleMs": 300,
      "maxChunkChars": 1200
    },
    "runtime": {
      "ttlMinutes": 120
    }
  }
}

ACPX plugin configuration:

{
  "plugins": {
    "entries": {
      "acpx": {
        "enabled": true,
        "config": {
          "permissionMode": "approve-all",
          "nonInteractivePermissions": "deny"
        }
      }
    }
  }
}

Step 4: Tell the User How to Configure Discord

After completing the above steps, instruct the user on Discord setup. Do NOT run these commands automatically — only tell the user what to do.

Provide the following instructions:

Discord Configuration

Enable ACP thread spawning and open DM access:

openclaw config set channels.discord.threadBindings.spawnAcpSessions true
openclaw config set channels.discord.allowFrom '["*"]'

Enable thread creation permissions in Discord:

Go to your Discord server → channel settings → Permissions, and ensure the bot role has:
- Create Public Threads — enabled
- Create Private Threads — enabled
- Send Messages in Threads — enabled
Start using Corust Agent:

In any text channel, mention the bot and say:

@Bot run corust

The bot will spawn a corust-agent-acp session in a new thread and begin working on your task.

Troubleshooting

"acpx command not found": Ensure the ACPX plugin is enabled and the gateway has been restarted after configuration changes.
Agent binary not found: Verify the path in ~/.acpx/config.json points to the correct binary location and the file is executable (chmod +x).
Discord "Not authorized": Run openclaw config set channels.discord.allowFrom '["*"]' and restart the gateway.
Network issues (proxy): If Discord connections fail, set openclaw config set channels.discord.proxy "http://127.0.0.1:\x3Cport>" with your local proxy port. Also consider enabling TUN mode on your proxy client for full coverage.

安全使用建议

This skill appears to do what it says (install and wire up corust-agent) but includes two points you should review before installing: (1) it downloads and runs a binary from a remote GitHub 'latest' release — verify the release source, prefer a pinned version, and check signatures or checksums before executing; consider downloading manually and inspecting or running in a sandbox/container; (2) it recommends making OpenClaw/ACPX/Discord settings permissive (channels.discord.allowFrom ['*'], permissionMode 'approve-all') which can let untrusted users spawn agents or give agents broad approval. Instead, restrict allowFrom to specific channels or roles, avoid 'approve-all' unless you fully trust your environment, back up existing ~/.acpx and ~/.openclaw configs before merging, and test changes in a staging environment. If you lack confidence in the GitHub repo's authenticity, ask the vendor for signed releases or hashes, or run the agent binary under a limited user/VM.

功能分析

Type: OpenClaw Skill Name: corust-agent Version: 1.0.0 The skill downloads and executes a binary from an external GitHub repository (Corust-ai/corust-agent-release) and instructs the user to configure highly permissive security settings in SKILL.md. Specifically, it recommends setting 'channels.discord.allowFrom' to '["*"]' and the ACPX plugin 'permissionMode' to 'approve-all', which allows any Discord user to trigger agent actions and grants the agent broad execution authority. While these actions are documented as part of the setup process for a remote coding agent, they represent significant security risks (unauthorized access and potential RCE) that lack sufficient safeguards.

能力评估

✓ Purpose & Capability

The skill's name and description match the actions in SKILL.md: downloading a corust-agent binary, placing it under $HOME/corust, and configuring ACPX/OpenClaw. The declared required binaries (curl, tar) fit the stated installation steps and no unrelated credentials or binaries are requested.

⚠ Instruction Scope

Instructions include expected setup tasks (download, extract, mark executable, write/merge ~/.acpx/config.json and ~/.openclaw/openclaw.json). However the guidance also tells administrators to enable broadly permissive settings: channels.discord.allowFrom '[["*"]]' and an ACPX plugin config with permissionMode 'approve-all'. Those configuration changes expand who/what can spawn agent sessions and may expose the system to untrusted inputs. The skill also instructs executing an unsigned remote binary fetched via the 'latest' GitHub release URL without guidance to verify checksums or signatures.

ℹ Install Mechanism

There is no formal install spec — the SKILL.md instructs using curl to download a tar.gz from GitHub Releases and extracting it. Using GitHub Releases is common and reasonable, but downloading and executing a remote binary (especially via the 'latest' redirect) is nontrivial risk unless the release is signed or checksums are verified. The instruction to extract and run the binary is proportionate to the purpose but should advise integrity verification.

✓ Credentials

The skill requests no environment variables or credentials and only modifies user-level config files under the home directory. There are no unexplained secret requests or cross-service keys in the manifest.

⚠ Persistence & Privilege

The skill itself is not 'always:true' and requests no special platform privileges, but it explicitly directs changing global OpenClaw/ACPX/Discord settings that increase agent invocation reach (allowFrom ['*'], permissionMode 'approve-all', enabling ACP dispatch/threads). Combined with default autonomous agent invocation, these recommended config changes broaden the system's attack surface and risk unauthorized agent starts.

版本历史

v1.0.0

Initial release: install, configure, and use corust-agent-acp

元数据

Slug corust-agent

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Corust Agent Configure 是什么？

Install, configure, and use Corust Agent (corust-agent-acp) — an ACP-compatible coding agent. Use when: the user wants to install, configure, set up, or use... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 109 次。

如何安装 Corust Agent Configure？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install corust-agent」即可一键安装，无需额外配置。

Corust Agent Configure 是免费的吗？

是的，Corust Agent Configure 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Corust Agent Configure 支持哪些平台？

Corust Agent Configure 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Corust Agent Configure？

由 Phoenix（@phoenix500526）开发并维护，当前版本 v1.0.0。

Corust Agent Configure