← 返回 Skills 市场
t0nyren

Manus on OpenClaw

作者 t0nyren · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
269
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install manus-openclaw-bridge
功能描述
Connect OpenClaw to Manus task APIs for chat-driven image generation, document/slides jobs, task polling, output collection, and messaging-surface return flows.
使用说明 (SKILL.md)

Manus OpenClaw Bridge

Use this skill to turn OpenClaw into a Manus launcher and result collector.

Requirements

Runtime dependencies:

  • OpenClaw
  • Bash
  • curl
  • Python 3.9+
  • Node.js 18+ (required for slides JSON -> PPTX conversion)

Required local configuration:

  • ~/.config/manus-openclaw-bridge/manus.env
  • MANUS_API_KEY must be supplied by each installer
  • MANUS_API_BASE must be supplied explicitly by each installer and must use https://

Read REQUIREMENTS.md for a concise dependency and configuration summary. Read SECURITY.md for the download and credential safety model.

Quick start

  1. Read references/setup.md if Manus API access is not configured yet.
  2. Put the Manus API key and Manus API base URL in ~/.config/manus-openclaw-bridge/manus.env.
  3. Submit a task with scripts/manus_submit.sh or scripts/manus_prompt.sh.
  4. Poll/download results with scripts/manus_get_task.sh or scripts/manus_wait_and_collect.py.
  5. If the result is a slides JSON bundle, convert it with scripts/manus_slides_json_to_pptx.mjs.
  6. If the user is on Feishu, return downloaded files with the normal OpenClaw message/file send flow.

Workflow

1. Submit a new Manus task

Use scripts/manus_submit.sh "\x3Cprompt>" when the prompt is already clean.

Use scripts/manus_prompt.sh "Manus, generate an image of a rainy forest" when the message may contain a leading Manus trigger and mixed punctuation.

Defaults:

  • MANUS_AGENT_PROFILE=manus-1.6
  • MANUS_TASK_MODE=agent
  • MANUS_API_BASE must be set explicitly to your Manus API base URL

2. Inspect an existing task

Use scripts/manus_get_task.sh \x3Ctask_id> to fetch the raw task payload.

3. Wait for completion and collect files

Use python3 scripts/manus_wait_and_collect.py \x3Ctask_id> [timeout_seconds].

This writes downloaded files to tmp/manus/ under the skill folder and prints a JSON summary with:

  • task_id
  • status
  • task_title
  • task_url
  • files[]
  • raw

Download safety rules:

  • only https:// URLs are accepted
  • only Manus-controlled allowlisted hosts are accepted
  • redirect targets are validated again after connection open
  • if Manus returns any other URL, the script refuses to fetch it and records a download_error

4. Handle slides/report outputs

If Manus returns a slides JSON artifact instead of a ready-made .pptx, convert it with:

node scripts/manus_slides_json_to_pptx.mjs \x3Cslides.json> \x3Coutput.pptx>

Read references/slides.md when the task is slide-heavy.

5. Return results to the user

Prefer this pattern:

  • If Manus returns downloadable files, send the files.
  • If Manus returns images, send image files directly.
  • If Manus returns only text/status, send a short summary plus the task URL when available.
  • If Manus is still running, acknowledge quickly and poll with a bounded interval instead of a tight loop.

Feishu return pattern

When the current conversation is Feishu:

  • Download files first with scripts/manus_wait_and_collect.py.
  • Send each saved file path back through OpenClaw’s normal reply/file mechanism.
  • For images, prefer image/file upload rather than pasting long CDN URLs.
  • If there are multiple files, send the best result first, then the rest if useful.

Read references/feishu-return.md when wiring file return behavior.

OpenClaw integration notes

  • Keep secrets out of the skill package. Never hardcode MANUS_API_KEY in scripts or docs.
  • Store keys and endpoints in ~/.config/manus-openclaw-bridge/manus.env on each recipient machine.
  • For direct-message style image requests, a simple trigger is enough: strip Manus, or manus: and forward the remainder.
  • For group chats, define an explicit trigger rule to avoid accidental job launches.
  • If returning files to Feishu/Telegram/etc., use the platform’s native send/upload tool after manus_wait_and_collect.py downloads the outputs.
  • If the request is long-running, prefer acknowledging first and completing asynchronously.

When to read references

  • Read references/setup.md for first-time installation and environment setup.
  • Read references/chat-patterns.md when wiring the Manus flow into OpenClaw message handling rules.
  • Read references/feishu-return.md when returning Manus images/files into Feishu.
  • Read references/feishu-skill-template.md when another OpenClaw user wants a ready-made Feishu routing pattern.
  • Read references/openclaw-integration.md for a full end-to-end integration pattern.
  • Read references/slides.md when handling deck-generation outputs.
安全使用建议
This skill appears to implement a legitimate Manus–OpenClaw bridge, but do not install/run it without addressing two issues: (1) update the package/registry metadata to declare MANUS_API_KEY and MANUS_API_BASE so installers know they must supply credentials locally; (2) fix or avoid using scripts/manus_slides_json_to_pptx.mjs as shipped — it will fetch slide asset URLs over plain HTTP and follow redirects without enforcing the Manus host allowlist described in SKILL.md/SECURITY.md. Until the slides script is patched to enforce HTTPS and host allowlisting (or you sandbox its execution), treat slide conversion as untrusted network I/O. Also: keep your MANUS_API_KEY in a secure local file (as recommended), run the skill in a least-privileged/sandboxed environment, and review any slide JSON before converting to avoid unexpected external downloads.
功能分析
Type: OpenClaw Skill Name: manus-openclaw-bridge Version: 1.0.2 The skill bundle contains critical shell injection vulnerabilities in 'scripts/manus_submit.sh' and 'scripts/manus_get_task.sh', where user-provided prompts and task IDs are expanded inside double-quoted strings in curl commands, potentially allowing Remote Code Execution (RCE). Furthermore, there is a significant security discrepancy: 'SKILL.md' and 'SECURITY.md' claim that all downloads are restricted to HTTPS and allowlisted hosts, but 'scripts/manus_slides_json_to_pptx.mjs' fails to implement these checks, allowing plain HTTP and arbitrary host connections. While these appear to be unintentional security flaws rather than deliberate malware, they represent a high-risk attack surface for prompt-driven exploitation.
能力评估
Purpose & Capability
The skill's code and SKILL.md align with the stated purpose (submit Manus tasks, poll results, download outputs, convert slides). However the registry metadata lists no required env vars while SKILL.md and the scripts require MANUS_API_KEY and MANUS_API_BASE in ~/.config/manus-openclaw-bridge/manus.env — this metadata mismatch is an integrity/packaging concern and could mislead installers.
Instruction Scope
Most runtime instructions stay within scope: scripts only source the local config file and call Manus endpoints. But manus_slides_json_to_pptx.mjs downloads arbitrary asset URLs from slide JSON and accepts HTTP URLs (it uses http or https based on the URL) and follows redirects without any host allowlist or revalidation. That contradicts the SKILL.md/SECURITY.md claim that only HTTPS and allowlisted Manus hosts will be fetched, creating a real risk of fetching untrusted content or following redirects to attacker-controlled hosts.
Install Mechanism
This is an instruction-only skill (no install spec). No remote installer or archive downloads are performed by the package itself; scripts live in the package. No high-risk install URLs are present.
Credentials
Requesting MANUS_API_KEY and MANUS_API_BASE is proportionate to a Manus bridge. However the required-envs are not declared in the registry metadata (it shows none), which is inconsistent and could hide the need to supply credentials at install time. The scripts otherwise only read that local env file and a MANUS_CONFIG_FILE override.
Persistence & Privilege
The skill does not request always:true and has no special persistent privileges. It writes downloaded files into its own tmp/.manus folder and slide assets under the output directory; it does not modify other skills or system-wide configs.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install manus-openclaw-bridge
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /manus-openclaw-bridge 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Version 1.0.2 - Added skill metadata fields: version, requires, config, external_services, and security_notes. - Explicitly require both MANUS_API_KEY and MANUS_API_BASE in configuration, with base URL restricted to HTTPS. - Enhanced security notes: download redirects are now revalidated and no secrets are bundled with the skill package. - Improved documentation to clarify required environment variables and stricter setup steps.
v1.0.1
Version 1.0.1 - Added REQUIREMENTS.md and SECURITY.md for clearer dependency, configuration, and download/credential safety documentation. - Updated skill description to clarify runtime dependencies and downloader safety behavior. - Expanded documentation in SKILL.md to explicitly list prerequisites, configuration steps, and download restrictions. - Manus downloader now strictly allows only HTTPS URLs from an allowlisted set of Manus-controlled hosts for improved security.
v1.0.0
manus-openclaw-bridge v1.0.0 – Initial public release - Enables OpenClaw to connect with Manus APIs for chat-driven image generation and document/slide jobs. - Provides scripts for submitting tasks, polling task status, downloading and converting Manus outputs (including slides JSON to PPTX). - Outlines integration patterns for messaging platforms like Feishu, including file handling and return flows. - Includes setup and integration documentation, with references for environment, chat handling, and output processing. - Emphasizes secure API key storage and best practices for asynchronous job handling.
元数据
Slug manus-openclaw-bridge
版本 1.0.2
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 3
常见问题

Manus on OpenClaw 是什么?

Connect OpenClaw to Manus task APIs for chat-driven image generation, document/slides jobs, task polling, output collection, and messaging-surface return flows. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 269 次。

如何安装 Manus on OpenClaw?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install manus-openclaw-bridge」即可一键安装,无需额外配置。

Manus on OpenClaw 是免费的吗?

是的,Manus on OpenClaw 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Manus on OpenClaw 支持哪些平台?

Manus on OpenClaw 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Manus on OpenClaw?

由 t0nyren(@t0nyren)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论