← 返回 Skills 市场
461
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install miniade-dispatchi
功能描述
Launch non-blocking interactive Claude Code tasks for slash-only plugins like ralph-loop. Use when a task needs interactive slash commands and completion cal...
安全使用建议
This skill appears to do what it says (start interactive Claude Code sessions in tmux), but check these before installing:
- Verify required runtime binaries are present: python3, tmux, jq, sha1sum (coreutils), and the claude CLI at CLAUDE_CODE_BIN. The metadata did not list these, so the script may fail if they are missing.
- Inspect any dispatch.env.local you provide — the loader exports allowlisted keys (OPENCLAW_CONFIG, OPENCLAW_TELEGRAM_ACCOUNT, etc.). Those can reference config files or credentials; only supply values you trust.
- Keep ENABLE_CALLBACK disabled (default 0) unless you intentionally want the skill to post callbacks to Telegram/group hooks. Enabling callbacks may cause network activity and should be configured deliberately.
- Confirm the claude binary you point to (CLAUDE_CODE_BIN) is trusted, since it will make network calls to the Claude service.
- Consider running the script in a controlled environment (non-production user account) first to verify output/log locations and behavior.
If you want me to, I can list the exact commands the scripts invoke and a checklist of binaries/paths to validate on your host.
功能分析
Type: OpenClaw Skill
Name: miniade-dispatchi
Version: 0.1.1
The skill is classified as suspicious due to a prompt injection vulnerability. The `scripts/run_dispatchi.sh` script constructs a `RALPH_CMD` string that includes user-provided `PROMPT` text, which is then passed to the `claude` agent. Although `shlex.quote` is used to prevent shell injection into the `python3` wrapper, the `PROMPT` itself is double-quoted within the `RALPH_CMD` string (e.g., `/ralph-loop:ralph-loop "${PROMPT}"`). This allows a malicious user to inject arbitrary arguments into the `ralph-loop` command by crafting a `PROMPT` that breaks out of the inner quotes (e.g., `foo" --evil-arg "bar`), thereby manipulating the AI agent's internal command execution. Additionally, `scripts/vendor/claude_code_run.py` includes logic to automatically bypass `claude`'s workspace trust and permission prompts, which, while configurable, reduces interactive security checks.
能力评估
Purpose & Capability
The name/description (launch interactive Claude Code tasks for slash-only plugins) matches what the scripts do: spawn Claude CLI sessions in tmux, capture output, and manage runs. Included files (a wrapper and shell launcher) are coherent with the stated purpose.
Instruction Scope
SKILL.md simply delegates to scripts/run_dispatchi.sh, and that script limits env file parsing to an allowlist, writes results to per-run directories, and launches tmux + a local claude CLI. The runtime does not attempt to read arbitrary files or source env files, but it does expect/require runtime binaries (tmux, jq, python3, sha1sum, claude, etc.) that are not declared in the skill metadata. The script can also enable callbacks (ENABLE_CALLBACK=1), which would cause external network interactions when explicitly enabled.
Install Mechanism
No install spec (instruction-only with bundled scripts) — nothing is downloaded at runtime and code is bundled with the skill. This is a low install-risk pattern.
Credentials
The skill declares no required env vars, but the script reads a local env file (allowlisted keys only) and exports variables such as OPENCLAW_CONFIG, OPENCLAW_TELEGRAM_ACCOUNT, and CLAUDE_CODE_BIN. Some of these (e.g., OPENCLAW_CONFIG) may point to files containing sensitive tokens; callbacks are disabled by default but can be enabled via ENABLE_CALLBACK=1, which would allow network interactions (e.g., Telegram group) if configured. The presence of many optional but potentially sensitive env keys is disproportionate unless you intend to integrate OpenClaw/Telegram/claude on that host.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide agent settings, and runs as a transient tmux session. It writes run outputs and logs under configurable result/log directories (defaults are user-home paths), which is expected behavior for this utility.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install miniade-dispatchi - 安装完成后,直接呼叫该 Skill 的名称或使用
/miniade-dispatchi触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
release 0.1.1
元数据
常见问题
Dispatchi (Ralph Loop) 是什么?
Launch non-blocking interactive Claude Code tasks for slash-only plugins like ralph-loop. Use when a task needs interactive slash commands and completion cal... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 461 次。
如何安装 Dispatchi (Ralph Loop)?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install miniade-dispatchi」即可一键安装,无需额外配置。
Dispatchi (Ralph Loop) 是免费的吗?
是的,Dispatchi (Ralph Loop) 完全免费(开源免费),可自由下载、安装和使用。
Dispatchi (Ralph Loop) 支持哪些平台?
Dispatchi (Ralph Loop) 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Dispatchi (Ralph Loop)?
由 Xi ErDe(@edxi)开发并维护,当前版本 v0.1.1。
推荐 Skills