← 返回 Skills 市场
292
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install multi-team-coding
功能描述
完整的 AI 驱动编程工作流。包含:(1) 多团队并行开发(OpenClaw + Claude Code/Codex/OpenCode),(2) 一人公司模式(单日 90+ 提交),(3) Playwright 自动化测试(E2E/API/视觉/性能),(4) 自动 PR 管理和合并。适用于独立开发者、初创团队、...
安全使用建议
This skill contains runnable scripts that will: read your repository, invoke external coding agents (claude/codex/opencode), push branches, create and auto-merge PRs via gh, and run npm/pip installs and Playwright tests. Before running or installing: 1) Do not run on a sensitive/production repository — test in a disposable repo or VM. 2) Understand authentication: the scripts assume GitHub CLI/git auth but the skill metadata does not request a GH token; supply least-privilege credentials (or use a throwaway repo). 3) Review prompts that get sent to external agents — they embed diffs and code, which can exfiltrate secrets if those agents are cloud-hosted; prefer local models or remove LLM calls. 4) Provide necessary environment variables deliberately (e.g., TEST_USER_EMAIL/PASSWORD only for test accounts), and avoid putting secrets in plain env vars if possible. 5) Audit and run the included scripts line-by-line first (no automatic background runs), and disable any auto-merge steps until you confirm CI and review behavior. If you need this workflow, request the publisher to update metadata to list required binaries and env vars and to document where prompts are sent (local vs cloud).
功能分析
Type: OpenClaw Skill
Name: multi-team-coding
Version: 1.0.0
The skill bundle provides a highly automated multi-agent coding workflow that manages git worktrees and GitHub PRs. It is classified as suspicious due to a significant command injection vulnerability in 'claude-code-teams.sh' and 'one-person-company.sh', where unsanitized external data (GitHub issue titles and bodies) is embedded directly into shell command strings executed via 'bash pty:true'. A malicious GitHub issue could potentially execute arbitrary code on the host. While the intent appears to be productivity, the lack of input sanitization and the requirement for broad repository permissions (via 'gh' CLI) pose a high security risk.
能力评估
Purpose & Capability
The stated purpose (orchestrating multi-agent coding + Playwright testing) is plausible and matches the use of claude/codex/opencode agents. However the package metadata omits several real requirements: the scripts call gh (GitHub CLI), git, npm/npx, jq, and Playwright, but required binaries/env in the registry only mention claude/codex/opencode and declare no env vars. That mismatch is incoherent: a user installing this should expect to provide GitHub credentials and Node tooling, but the skill does not declare or document them in the metadata.
Instruction Scope
The SKILL.md and included scripts instruct the agent to read repository contents, produce diffs and git logs, embed those into prompts, push branches, create and auto-merge PRs, and run external agents (claude/codex/opencode). Prompts include code and conflict diffs sent to external agents — if those agents are cloud services this results in repository content being transmitted off-host. The instructions also reference environment variables (e.g. TEST_USER_EMAIL, TEST_USER_PASSWORD, CODEX_MODEL, CLAUDE_MODEL) and tooling (gh auth) that are not declared in the registry metadata.
Install Mechanism
No install spec (instruction-only with shipped example scripts). This minimizes supply-chain install risk because nothing is downloaded during install. However the provided scripts will run many commands at runtime (npm install, gh, git push, npx playwright install), so runtime dependencies exist even though there is no installer to review.
Credentials
The skill requests no environment variables in metadata, but the code expects and references multiple env vars (CLAUDE_MODEL, CODEX_MODEL, TEST_USER_EMAIL, TEST_USER_PASSWORD, possibly CI-related vars) and uses GitHub/Git operations that require credentials. It also uses the user's git remote to push and gh to create/merge PRs — actions that need authenticated credentials (SSH keys or gh auth). Declaring no credentials while performing privileged repo operations is disproportionate and misleading.
Persistence & Privilege
always:false (no forced always-on). The skill is allowed to invoke autonomously (default), which combined with the ability to push branches, create and auto-merge PRs, and run external LLMs increases operational blast radius. The skill does not declare modifying other skills or system config, but autonomous invocation plus networked LLM calls means a compromised or misconfigured agent could perform impactful repo operations.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install multi-team-coding - 安装完成后,直接呼叫该 Skill 的名称或使用
/multi-team-coding触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
multi-team-coding 1.0.0
- Initial release of a complete AI-driven coding workflow.
- Supports parallel multi-team development with OpenClaw and major coding agents (Claude Code, Codex, OpenCode).
- Enables a "one-person company" mode for high-volume, rapid development and PR management.
- Integrates Playwright for automated E2E, API, visual, and performance testing.
- Features automated PR merging and team orchestration, including workspace creation, progress monitoring, conflict detection, and integration.
元数据
常见问题
Multi Team Coding 是什么?
完整的 AI 驱动编程工作流。包含:(1) 多团队并行开发(OpenClaw + Claude Code/Codex/OpenCode),(2) 一人公司模式(单日 90+ 提交),(3) Playwright 自动化测试(E2E/API/视觉/性能),(4) 自动 PR 管理和合并。适用于独立开发者、初创团队、... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 292 次。
如何安装 Multi Team Coding?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install multi-team-coding」即可一键安装,无需额外配置。
Multi Team Coding 是免费的吗?
是的,Multi Team Coding 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Multi Team Coding 支持哪些平台?
Multi Team Coding 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Multi Team Coding?
由 LongFer(@longfer)开发并维护,当前版本 v1.0.0。
推荐 Skills