← 返回 Skills 市场
budjoskop

HokiPoki

作者 budjoskop · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
2005
总下载
1
收藏
4
当前安装
1
版本数
在 OpenClaw 中安装
/install hokipoki
功能描述
Switch AI models without switching tabs using the HokiPoki CLI. Hop between Claude, Codex, and Gemini when one gets stuck. Use when the user wants to request help from a different AI model, hop to another AI, get a second opinion from another model, switch models, share AI subscriptions with teammates, or manage HokiPoki provider/listener mode. Triggers on: 'use codex/gemini for this', 'hop to another model', 'ask another AI', 'get a second opinion', 'switch models', 'hokipoki', 'listen for requests'.
使用说明 (SKILL.md)

HokiPoki Skill

Route tasks to different AI CLIs (Claude, Codex, Gemini) via the HokiPoki P2P network. API keys never leave the provider's machine; only encrypted requests and results are exchanged.

Prerequisites

HokiPoki CLI must be installed and authenticated:

npm install -g @next-halo/hokipoki-cli
hokipoki login

Verify with hokipoki whoami. If not installed, guide the user through setup.

Requesting Help from Another AI

Send a task to a remote AI model. Always use --json for parseable output:

# Specific files
hokipoki request --tool claude --task "Fix the auth bug" --files src/auth.ts --json

# Entire directory
hokipoki request --tool codex --task "Add error handling" --dir src/services/ --json

# Whole project (respects .gitignore)
hokipoki request --tool gemini --task "Review for security issues" --all --json

# Route to a team workspace
hokipoki request --tool claude --task "Optimize queries" --files src/db.ts --workspace my-team --json

# Skip auto-apply (just save the patch)
hokipoki request --tool codex --task "Refactor module" --dir src/ --no-auto-apply --json

Tool selection: if the user doesn't specify a tool, ask which model to use or omit --tool to let HokiPoki choose.

Patch Auto-Apply

Patches auto-apply when the target directory is a git repo with committed files. If auto-apply fails, inform the user and suggest:

git init && git add . && git commit -m "initial"

Provider Mode (Sharing Your AI)

Register and listen for incoming requests:

# Register as a provider (one-time)
hokipoki register --as-provider --tools claude codex gemini

# Start listening
hokipoki listen --tools claude codex

Tasks execute in isolated Docker containers (read-only filesystem, tmpfs workspace, auto-cleanup). Docker must be running.

Status & Account

hokipoki whoami      # Current user info
hokipoki status      # Account, workspaces, history
hokipoki dashboard   # Open web dashboard in browser

When to Suggest Hopping

  • User is stuck on a problem after multiple attempts
  • User asks for a different approach or fresh perspective
  • Task involves a domain where another model excels (e.g., Codex for boilerplate, Gemini for large-context analysis)
  • User explicitly asks to try another AI

Full Command Reference

See references/commands.md for all CLI options, auth token locations, and advanced usage.

安全使用建议
Before installing or running this skill, verify the hokipoki CLI's source: find the npm package repository, inspect its code, and confirm the maintainers. Don't run provider/listen on your main machine — use an isolated VM or disposable host if you must accept inbound requests. Be cautious when using --all or including directories: sensitive files (credentials, private keys, .env, internal configs) can be uploaded; double-check .gitignore and manually exclude secrets. Avoid installing global npm packages from unknown scopes without review. If you plan to act as a provider, confirm exactly how tokens are used and stored, whether API keys ever leave your machine in any form, and test container isolation (don't assume claims like 'LUKS-encrypted Docker containers' are enforced). If you need to proceed but want lower risk: (1) audit the npm package source, (2) run hokipoki only as a requester (not provider), (3) run it inside an isolated container/VM, and (4) never include secrets in requests.
功能分析
Type: OpenClaw Skill Name: hokipoki Version: 1.0.0 The skill is classified as suspicious due to its inherent high-risk capabilities, despite attempts at transparency and stated security measures. It instructs the AI agent to install a global npm package (`@next-halo/hokipoki-cli`), which introduces a supply chain risk. More significantly, it enables the agent to send entire local projects (`--all` flag in `hokipoki request`) to external AI models, which constitutes a broad data exfiltration risk of potentially sensitive code. Furthermore, it allows the local machine to act as a 'provider' (`hokipoki listen`), executing external AI tasks in Docker containers, which changes the security posture of the host machine. While these actions are aligned with the skill's stated purpose, they represent significant security risks without clear malicious intent within the provided files.
能力评估
Purpose & Capability
The declared purpose — routing tasks to other AI models via a CLI — aligns with the runtime instructions (hokipoki request/register/listen). However the docs reference other tools' token file locations (~/.codex/auth.json, ~/.gemini/oauth_creds.json) and recommend sharing subscriptions/team workspaces; while plausible for a P2P provider, those references broaden the skill's scope and merit confirmation of intended token usage.
Instruction Scope
Instructions direct the agent/user to send specific files, directories, or the whole repository (hokipoki request --all) to remote peers and to auto-apply patches to the local git repo. They also advise editing other tool config files (e.g., ~/.codex/config.toml) and enabling a provider listen mode that accepts inbound requests. These steps legitimately implement the stated feature but also enable transmission of potentially sensitive repo contents, editing of local configs, and execution of remote-supplied changes — all of which should be explicitly consented to and audited.
Install Mechanism
Although the registry contains no install spec, the SKILL.md tells users to run `npm install -g @next-halo/hokipoki-cli`. Installing a global, third-party npm package from an unknown author/scope is a meaningful risk (arbitrary code execution on install). No homepage, source repo, or package provenance is provided in the skill metadata to validate the package.
Credentials
The skill declares no required env vars but the docs reference token locations for multiple toolchains and describe sharing AI subscriptions and workspaces. That implies access to credentials stored on disk and potential credential use for outbound/inbound requests. The combination of repo uploads, token locations, and provider/listen mode increases the chance of accidental credential exposure or unintended sharing of sensitive files.
Persistence & Privilege
Provider/register and listen workflows create a long-running listener on the user's machine that auto-triggers re-auth and executes incoming tasks (albeit claimed to run in containers). While always:false (not force-installed), running as a provider grants persistent network exposure and the ability to execute work on your machine — a significant privilege that should only be enabled on a well-audited, isolated host.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install hokipoki
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /hokipoki 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: hop between Claude, Codex, and Gemini AI CLIs via the HokiPoki P2P network
元数据
Slug hokipoki
版本 1.0.0
许可证
累计安装 4
当前安装数 4
历史版本数 1
常见问题

HokiPoki 是什么?

Switch AI models without switching tabs using the HokiPoki CLI. Hop between Claude, Codex, and Gemini when one gets stuck. Use when the user wants to request help from a different AI model, hop to another AI, get a second opinion from another model, switch models, share AI subscriptions with teammates, or manage HokiPoki provider/listener mode. Triggers on: 'use codex/gemini for this', 'hop to another model', 'ask another AI', 'get a second opinion', 'switch models', 'hokipoki', 'listen for requests'. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2005 次。

如何安装 HokiPoki?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install hokipoki」即可一键安装,无需额外配置。

HokiPoki 是免费的吗?

是的,HokiPoki 完全免费(开源免费),可自由下载、安装和使用。

HokiPoki 支持哪些平台?

HokiPoki 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 HokiPoki?

由 budjoskop(@budjoskop)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论