← 返回 Skills 市场
Creative Agents
作者
austindixson
· GitHub ↗
· v1.0.0
410
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install creative-agents
功能描述
Integration scripts for the creative agent swarm managed by overstory (Claude Code). Use when configuring or running researcher, social media, blog, or scrib...
使用说明 (SKILL.md)
Creative Agents Skill
Integration scripts for the creative agent swarm managed by overstory (Claude Code). Provides the automation layer that agent definitions in agents/ rely on.
Overview
These scripts power four creative agents:
- Researcher — topic research via last30days skill
- Social Media Manager — posting, monitoring, engagement via Playwright + OAuth
- Blogger — content pipeline: research → outline → draft → humanize → publish
- Scribe — log analysis, pattern detection, memory curation
Scripts
| Script | Class | Purpose |
|---|---|---|
researcher_integration.py |
ResearcherIntegration |
Discovers and invokes the last30days skill, parses results into structured reports |
oauth_handler.py |
OAuthHandler |
Manages OAuth tokens for social platforms (Twitter, LinkedIn, etc.) |
social_playwright.py |
SocialPlaywright |
Browser automation for social media actions via Playwright |
humanizer_integration.py |
HumanizerIntegration |
Discovers and invokes the humanizer skill for natural-sounding content |
log_analyzer.py |
LogAnalyzer |
Multi-source log scanning (Cursor, nanobot, Claude, shell) |
memory_curator.py |
MemoryCurator |
Extracts insights from daily notes and commits to MEMORY.md |
scribe_integration.py |
ScribeIntegration |
Orchestrates the full scribe pipeline with memory commits |
Usage
All scripts are importable as Python modules and executable as CLI tools:
# Research
python3 scripts/researcher_integration.py --topic "AI agents" --days 30 --json
# OAuth status
python3 scripts/oauth_handler.py status --platform twitter --json
# Social posting
python3 scripts/social_playwright.py post --platform twitter --content "Hello world" --json
# Humanize content
python3 scripts/humanizer_integration.py --content "Technical text" --style casual --json
# Log analysis
python3 scripts/log_analyzer.py --hours 24 --sources cursor,nanobot,claude --json
# Memory curation
python3 scripts/memory_curator.py curate --days 7 --json
# Scribe pipeline
python3 scripts/scribe_integration.py --mode daily --commit-memory --json
Architecture
nanobot routes tasks → overstory spawns agents → agents invoke these scripts.
Agent definitions live in /Users/ghost/.openclaw/workspace/agents/. Scripts live here. Overstory handles all agent lifecycle (spawn, monitor, collect results).
Requirements
- Python 3.9+
- Playwright (for social_playwright.py)
- Optional: system keyring (for encrypted OAuth token storage)
安全使用建议
Before installing or enabling this skill:
- Understand it reads many personal files (shell history, local logs, Claude transcripts, and journal/daily notes) and will write to a MEMORY.md and ~/.nanobot/oauth_tokens.json — review those paths and confirm you are comfortable with that access.
- The skill expects OAuth client IDs/secrets via environment variables (e.g., TWITTER_CLIENT_ID/TWITTER_CLIENT_SECRET) but the metadata doesn't declare them — only set these in a safe environment if you intend to use social features.
- OAuth tokens are stored in the system keyring if available, otherwise stored as plaintext (permission 600) in ~/.nanobot/oauth_tokens.json — install a keyring backend or avoid using the OAuth features if you cannot accept plaintext storage.
- The scripts discover and execute other local skills via subprocess.run; review any discovered skill entry points on disk to ensure you trust them.
- If you have sensitive data on the machine, consider running this skill in an isolated environment or container, inspect the code yourself, and avoid granting it autonomous or always-on capabilities.
- If you want to proceed, at minimum: (1) inspect oauth_handler.py and the storage location, (2) enable a system keyring, (3) review and restrict which directories the skill can access, and (4) set required CLIENT_ID/CLIENT_SECRET env vars only when needed.
功能分析
Type: OpenClaw Skill
Name: creative-agents
Version: 1.0.0
The skill bundle is classified as suspicious due to several high-risk patterns and vulnerabilities. The `scripts/social_playwright.py` file dynamically constructs and executes Python code via `python3 -c`, which, despite using `json.dumps` for input, is an inherently risky pattern that could lead to code injection if exploited. Additionally, `scripts/humanizer_integration.py`, `scripts/researcher_integration.py`, and `scripts/scribe_integration.py` invoke external Python skills via `subprocess.run`. While arguments are passed as lists (mitigating direct shell injection from this script), this creates a potential RCE chain if the invoked skills are vulnerable to argument injection or if skill discovery paths are compromised. Finally, `scripts/oauth_handler.py` stores sensitive OAuth tokens in plaintext if the `keyring` module is unavailable, posing a significant data-at-rest vulnerability. There is no clear evidence of intentional malicious behavior, but these vulnerabilities elevate the risk beyond benign.
能力评估
Purpose & Capability
The included Python modules (researcher, oauth, playwright integration, humanizer, log analyzer, memory curator, scribe orchestrator) align with the declared purpose of managing creative agents. However, the skill's registry metadata declares no required environment variables or credentials even though oauth_handler expects platform-specific CLIENT_ID/CLIENT_SECRET environment variables and the integration code expects other skill paths (HUMANIZER_SKILL_PATH, LAST30DAYS_SKILL_PATH). This omission is an incoherence between claimed requirements and actual capabilities.
Instruction Scope
SKILL.md and the scripts instruct the agent to read many user-local paths: shell history (~/.zsh_history, ~/.bash_history), ~/.openclaw logs, ~/.claude transcripts, Cursor logs, and user workspace files (e.g., /Users/ghost/.openclaw/workspace/MEMORY.md). The oauth handler stores and reads tokens under ~/.nanobot and may call external OAuth endpoints. The skill also discovers and runs other local skill entry points via subprocess.run — which means it can execute arbitrary code found on disk. These behaviors go beyond a simple 'integration helper' and involve reading and writing sensitive local data.
Install Mechanism
There is no install spec (instruction-only), which reduces supply-chain installation risk. However, the package includes multiple executable Python scripts bundled with the skill — invoking the skill will execute that code on the host. No external downloads are performed by the skill itself (network is used for OAuth token exchanges), but because the scripts invoke other local skills via subprocess, they may execute third-party code present on disk.
Credentials
The skill metadata declares no required environment variables or primary credential, yet oauth_handler reads/depends on per-platform environment variables (e.g., TWITTER_CLIENT_ID, TWITTER_CLIENT_SECRET) to complete OAuth flows; other modules also check HUMANIZER_SKILL_PATH and LAST30DAYS_SKILL_PATH environment variables. The OAuth component persists tokens to ~/.nanobot/oauth_tokens.json and will store them as plaintext if the system keyring is unavailable — a significant credential-handling risk that is not reflected in the declared requirements.
Persistence & Privilege
The skill does not request 'always' or any elevated platform privilege. It does, however, write to user files: it will create ~/.nanobot for tokens, append to a MEMORY.md at a hard-coded path under the user's workspace, and can generate cron entry text for the user. It does not automatically install cron jobs, but it will persist tokens and memory entries when invoked.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install creative-agents - 安装完成后,直接呼叫该 Skill 的名称或使用
/creative-agents触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of creative-agents, providing automation scripts for agent workflows:
- Integrates researcher, social media manager, blogger, and scribe agents managed by overstory (Claude Code).
- Provides Python modules/CLI tools for research, OAuth/social media automation, content humanization, log analysis, and memory curation.
- Implements orchestration and integration layers for agent tasks, including Playwright-based browser automation.
- Designed for direct import or command-line use in multi-agent creative workflows.
元数据
常见问题
Creative Agents 是什么?
Integration scripts for the creative agent swarm managed by overstory (Claude Code). Use when configuring or running researcher, social media, blog, or scrib... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 410 次。
如何安装 Creative Agents?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install creative-agents」即可一键安装,无需额外配置。
Creative Agents 是免费的吗?
是的,Creative Agents 完全免费(开源免费),可自由下载、安装和使用。
Creative Agents 支持哪些平台?
Creative Agents 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Creative Agents?
由 austindixson(@austindixson)开发并维护,当前版本 v1.0.0。
推荐 Skills