← 返回 Skills 市场
76
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install nm-attune-mission-orchestrator
功能描述
Lifecycle orchestrator that auto-detects project state and routes to the correct development phase
安全使用建议
This skill appears to implement what it claims, but its runtime instructions expect local git and the GitHub CLI and will read and modify repository files and create issues on GitHub. Before installing or running it: (1) Confirm who will run the skill and what git/GitHub credentials that agent has. (2) Expect it to write .attune/mission-state.json and possibly edit artifact files—keep backups or run in a fork/isolated repo. (3) If you do not want automatic issue creation, use the --no-auto-issues flag or avoid --auto. (4) Ask the publisher to declare required binaries and credentials (e.g., gh, git, GITHUB_TOKEN) in the skill metadata so you can evaluate permissions. (5) If you need higher assurance, review the attune and leyline skill implementations that this orchestrator invokes to confirm they do not perform unexpected network or credential access.
功能分析
Type: OpenClaw Skill
Name: nm-attune-mission-orchestrator
Version: 1.0.0
The skill bundle is a development lifecycle orchestrator that manages project phases from brainstorming to execution. It is classified as suspicious due to a potential shell injection vulnerability in 'modules/phase-routing.md'. The instructions direct the AI agent to extract 'Out of Scope' items from project documents and pass them directly into a 'gh issue create' shell command without specifying input sanitization or escaping. This could allow an attacker who can influence the project's documentation (e.g., via a pull request) to execute arbitrary commands on the user's system if the agent executes the command naively.
能力评估
Purpose & Capability
Name/description and the SKILL.md consistently describe a lifecycle orchestrator that delegates to attune/leyline skills and persists mission state. The declared config paths (night-market.attune/* and night-market.leyline/*) align with invoked skills and hooks, so purpose and high-level capabilities are coherent.
Instruction Scope
SKILL.md instructs the agent to scan the repository (docs/*, .attune/, git history), read and modify artifacts (update 'Out of Scope' with issue references), persist state to .attune/mission-state.json, run git commands (git log --since) and run the GitHub CLI (gh issue create). These actions go beyond passive analysis: they read and write repo files and invoke external network operations. While these are plausible for an orchestrator, they are not declared and grant the skill broad discretion to modify project files and call external endpoints.
Install Mechanism
Instruction-only skill with no install steps or downloaded code. That minimizes installer risk because nothing new is written to disk by an installer. The runtime actions (file I/O, shell commands) remain a runtime concern rather than an install-time risk.
Credentials
The skill requires no environment variables in metadata, but its instructions rely on tools and credentials that are not declared: the GitHub CLI ('gh') and authenticated GitHub access to create issues, plus git for repository checks. It will also write to the working tree (.attune/mission-state.json and possibly update artifacts). The missing declaration of required binaries and credentials (e.g., gh auth/GITHUB_TOKEN) is a mismatch and could lead to unexpected network activity or failures.
Persistence & Privilege
The skill persists state to .attune/mission-state.json and can modify artifacts (adding issue references). That persistence and write access is consistent with an orchestrator's needs, but it is persistent on disk and will alter repository files. 'always' is false (good). Autonomous invocation is allowed by default—combined with the above concerns, this increases the blast radius if the agent is granted repo and GitHub permissions.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nm-attune-mission-orchestrator - 安装完成后,直接呼叫该 Skill 的名称或使用
/nm-attune-mission-orchestrator触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the Mission Orchestrator skill, automating project lifecycle management across multiple Attune phases.
- Automatically detects project state and routes to the correct phase (brainstorm, specify, plan, execute)
- Supports resumable missions with persistent state and session recovery
- Integrates modular skills for each phase; configurable via mission types
- Auto-triages backlog and manages progress checkpoints and risk escalation
- Designed for end-to-end automation of project workflows, from inception to execution
元数据
常见问题
Nm Attune Mission Orchestrator 是什么?
Lifecycle orchestrator that auto-detects project state and routes to the correct development phase. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 76 次。
如何安装 Nm Attune Mission Orchestrator?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nm-attune-mission-orchestrator」即可一键安装,无需额外配置。
Nm Attune Mission Orchestrator 是免费的吗?
是的,Nm Attune Mission Orchestrator 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Nm Attune Mission Orchestrator 支持哪些平台?
Nm Attune Mission Orchestrator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Nm Attune Mission Orchestrator?
由 athola(@athola)开发并维护,当前版本 v1.0.0。
推荐 Skills