← 返回 Skills 市场

OpenClaw Manager

Name: OpenClaw Manager
Author: zephyrchen0754

作者 ZephyrChen0754 · GitHub ↗ · v0.3.2 · MIT-0

cross-platform ⚠ suspicious

205

总下载

当前安装

版本数

在 OpenClaw 中安装

/install humanclaw-made-openclaw-manager

功能描述

Install or operate a standalone local OpenClaw manager skill that adds shadow-first thread observation, durable session/run state, a loopback-only sidecar, a...

使用说明 (SKILL.md)

OpenClaw Manager

Use this skill when the task is to operate, inspect, or extend the local OpenClaw Manager control plane.

What this skill owns

local session / run / event / checkpoint / attention state
shadow-first thread_shadow observation and promotion queue
append-only events.jsonl and skill_traces.jsonl
local snapshot export
connector normalization for Telegram, WeCom, Email, and GitHub
capability graph and anonymized fact export
standalone sidecar bootstrap and local command surface
loopback-only sidecar by default
consent-gated sidecar autostart

Entry points

bootstrap runtime: src/skill/bootstrap.ts
local sidecar API: src/api/server.ts
command registry: src/skill/commands.ts
connector registry: src/connectors/registry.ts
capability graph: src/telemetry/capability-graph.ts

References

architecture: docs/architecture.md
session model: docs/session-model.md
event schema: docs/event-schema.md
connector protocol: docs/connector-protocol.md
capability facts: docs/capability-facts.md
security model: SECURITY.md

安全使用建议

Before installing: 1) Treat this as a local Node.js service — ensure you want a background sidecar and local durable state under ~/.openclaw/skills/manager. 2) Verify you have Node.js >=20 and npm available (the installer requires these). 3) Inspect the code (bootstrap, sidecar-launcher, connectors) yourself or run the provided security smoke tests (node scripts/security-smoke.cjs and node scripts/smoke-test.cjs) in an isolated environment. 4) Confirm the npm registry and lockfile are acceptable to you (installer enforces official registry). 5) Note that connectors are opt-in but will require secrets if enabled; keep those secrets in private config and avoid committing them. 6) Only grant the autostart consent if you are comfortable the launcher will spawn a local Node process; you can run the sidecar manually instead. 7) If you lack the ability to audit the code, run the skill in a sandboxed user account or VM and back up any sensitive local data first.

功能分析

Type: OpenClaw Skill Name: humanclaw-made-openclaw-manager Version: 0.3.2 The OpenClaw Manager is a local control plane designed to manage agent session state, thread observation (shadowing), and capability reporting. The bundle implements a local sidecar architecture using Express, which is strictly configured to bind to loopback (127.0.0.1) by default and requires explicit user consent for autostart functionality (src/skill/bootstrap.ts). Security-focused features are present, such as a security smoke test (scripts/security-smoke.cjs) that validates network boundaries and an installation script that enforces the official npm registry to prevent dependency confusion. No evidence of data exfiltration, unauthorized remote access, or malicious prompt injection was found; the tool's high-privilege actions (filesystem access and local process spawning) are well-documented and aligned with its stated purpose.

能力评估

ℹ Purpose & Capability

The code, docs, and SKILL.md consistently describe a local Node.js 'OpenClaw Manager' that hosts a loopback sidecar, filesystem-first state, connector adapters, and telemetry exports. That behavior matches the name and description. However, the registry metadata claims 'required binaries: none' and 'required env vars: none', which is inaccurate: the project requires Node.js (node, npm) and uses many OPENCLAW_MANAGER_* configuration envs and a CODEX_HOME for optional install. This metadata mismatch is an incoherence that should be addressed.

✓ Instruction Scope

The SKILL.md and included scripts limit network activity to loopback by default and document connector opt-in behavior. Runtime instructions read local manager settings, write durable state under a documented directory, run local health checks, and may spawn a local Node process to start the sidecar (consent-gated). They do not, by default, upload raw transcripts or phone home. Connectors (Telegram/WeCom/Email/GitHub) are present but are explicitly opt-in and require additional configuration/secrets to make external requests.

ℹ Install Mechanism

There is no registry install spec in the metadata, but the repo contains an installer script (scripts/install.sh) that runs 'npm ci' and 'npm run build'. The installer checks the npm registry and the lockfile and uses the official npm registry; that is reasonable but still involves fetching packages from npm. The presence of a full package-lock and many source files increases the surface area vs. a pure instruction-only skill. The installer also prompts for autostart consent and can copy files into $CODEX_HOME. This is moderate-risk but expected for a Node-based local sidecar.

⚠ Credentials

Registry metadata lists no required env vars, yet the code and docs read many configuration env vars (OPENCLAW_MANAGER_STATE_ROOT, OPENCLAW_MANAGER_BIND_HOST, OPENCLAW_MANAGER_SIDECAR_URL, OPENCLAW_MANAGER_ALLOW_REMOTE_SIDECAR, OPENCLAW_MANAGER_NO_AUTOSTART, OPENCLAW_MANAGER_SERVER_PROCESS, PORT, and optionally CODEX_HOME). While these are configuration values (not secrets) and are justified by the project's behavior, the absence of these in the declared metadata is an incoherence. Connectors can require secrets when enabled, which is documented; those secrets are local but should be treated with care.

✓ Persistence & Privilege

The skill persists local state under a documented default (~/.openclaw/skills/manager) and stores a one-time autostart consent flag there. It can copy itself into $CODEX_HOME when asked. It does not request 'always: true' and does not claim to modify other skills. Autostart is consent-gated and disabled by default. These privileges are proportionate to a local manager, though autostart and process-spawning increase risk and should be explicitly consented to.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install humanclaw-made-openclaw-manager
安装完成后，直接呼叫该 Skill 的名称或使用 /humanclaw-made-openclaw-manager 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.3.2

Security hardening release: loopback-only default sidecar binding, consent-gated autostart, official npm registry lockfile cleanup, security smoke checks, and clearer local-sidecar disclosure.

v0.3.1

Public-ready v1. Synced skill metadata to 0.3.1, cleaned the README, added the fastest-path install flow, install modes, troubleshooting notes, and a 3-minute quickstart.

元数据

Slug humanclaw-made-openclaw-manager

版本 0.3.2

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题