OrchardOS

Author: derp42 · GitHub · v0.2.5-rc.5 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 155 · Favorites: 0 · Current installs: 0 · Versions: 6
Install in OpenClaw
/install openclaw-orchard
Description
Agentic project and task management plugin for OpenClaw. Persistent SQLite-backed task board with a queue runner that auto-dispatches ready tasks as subagent...
Security usage recommendations
This plugin appears to implement what it claims: a persistent task board with an autonomous queue runner and a local UI proxy. Before installing, consider:
  1. autonomous subagent spawns are the core feature — if you need to limit risk, enable debug.logOnly or ORCHARD_DISABLE_ALL_SPAWNS and test in a sandbox;
  2. the standalone UI forwards the browser's Authorization header to the gateway — keep uiServer.bindAddress set to 127.0.0.1 and do NOT set uiServer.allowUnsafeBind unless you intentionally want LAN exposure;
  3. optional config fields (contextInjection.apiKey, provider) let Orchard call external providers — only supply API keys you trust and understand potential data sent to those services;
  4. building the plugin requires native modules (better-sqlite3) and a Node toolchain; verify build on a test host first;
  5. review and test the debug flags and rate/limit settings (maxConcurrentExecutors, maxSubagentsPerProject, queueIntervalMs) to avoid runaway dispatching.
If you need higher assurance, run the plugin in a local-only OpenClaw instance with debug.logOnly, review the repository manually, and/or restrict its role/permissions in your environment.
Functional analysis
Type: OpenClaw Skill
Name: openclaw-orchard
Version: 0.2.5-rc.5
OrchardOS is a comprehensive project management plugin that automates task execution via subagents. The codebase demonstrates high security awareness, including explicit SSRF protections in the documentation fetcher (src/api/routes.ts) that blacklist private IP ranges and loopback-only defaults for the standalone UI proxy server. No evidence of data exfiltration, unauthorized execution, or malicious prompt injection was found; the plugin's capabilities are well-documented and aligned with its stated purpose.
Capability assessment
Purpose & Capability
Name/description (persistent task board, queue runner, dashboard, subagent dispatch) match the shipped source, routes, tools, and plugin manifest. No unrelated environment variables or surprising binaries are requested. The ability to spawn subagents and expose a loopback UI proxy is explicitly documented in the manifest and README.
Instruction Scope
SKILL.md and README describe only plugin installation, configuration, available agent tools, and API/UI access. Runtime instructions and the codebase limit themselves to task/project CRUD, queue/runner control, a debug surface, and a local UI proxy. There are no instructions to read or exfiltrate unrelated host files or environment variables in the SKILL.md.
Install Mechanism
No install spec in the registry entry (installation is done via the OpenClaw plugin system). Source includes a standard npm package.json and package-lock; dependencies rely on better-sqlite3 (native), and the build step runs tsc and an HTML-to-TS generator. Build-time native compilation and peer dependency on OpenClaw are expected but may require a proper Node toolchain.
Credentials
The plugin does not declare required env vars or credentials. Optional debug env vars and a config schema support an optional context-injection provider (apiKey) and UI server settings. Those optional API keys/config entries are proportional to features (context injection, external KB providers, standalone UI), but enabling them increases the attack surface and should be done intentionally.
Persistence & Privilege
always:false and model-invocation is allowed (default). Orchard is designed to autonomously dispatch subagents (documented); that is necessary for its purpose but raises operational risk if misconfigured. The plugin exposes a loopback-only auth-forwarding proxy by default; non-loopback binds are refused unless explicitly allowed in config.
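How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install openclaw-orchard
  3. Once installation completes, invoke the Skill by name or trigger it with /openclaw-orchard
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history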
v0.2.5-rc.5
Release 0.2.5-rc.5
v0.2.5-rc.4
Automated release from GitHub Actions for 0.2.5-rc.4
v0.2.5-rc.2
Release candidate: eliminate runtime dashboard file reads by generating and importing the UI HTML as a module, reducing static-analysis exfiltration hits while keeping the hardened local UI proxy behavior from rc.1.
v0.2.5-rc.1
Release candidate: harden publish surface and standalone UI proxy. Remove token auto-read from smoke script, trim published files, require explicit unsafe opt-in for non-loopback UI bind, and clarify security behavior in manifest/docs.
v0.1.1
Fix progress bar, sort controls on task list and board, settings panel, active tab indicator
v0.1.0
Initial release — agentic task board with queue runner, REST API, agent tools, and dashboard
Metadata
Slug: openclaw-orchard
Version: 0.2.5-rc.5
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 6
FAQ

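What is OrchardOS?

Agentic project and task management plugin for OpenClaw. Persistent SQLite-backed task board with a queue runner that auto-dispatches ready tasks as subagent... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 155 total downloads to date.

How do I install OrchardOS?

Run the command "/install openclaw-orchard" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is OrchardOS free?

Yes. OrchardOS is completely free, is released under the MIT-0 license, and may be freely downloaded, installed, and used.

Which platforms does OrchardOS support?

OrchardOS runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed OrchardOS?

It is developed and maintained by derp42 (@derp42); the current version is v0.2.5-rc.5.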
