← 返回 Skills 市场
87
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install openclaw-smart-scheduler
功能描述
智能任务调度器 - 简单任务秒级响应,复杂任务深度思辨。自动识别任务复杂度,路由到最优处理器。集成苏格拉底探明、任务分解、资源定位、多模型辩论验证。
安全使用建议
This skill is not clearly malicious, but it contains risky and inconsistent behavior compared to its SKILL.md claims. Specific concerns: (1) It writes temporary Python files and executes them with subprocess (python3.8) — that can run arbitrary code on your machine; (2) It contacts hardcoded local services (127.0.0.1:5000 and 127.0.0.1:8002) and external ClawHub URLs, despite claiming no unauthorized network requests; (3) It inspects your skills directory (/home/admin/.openclaw/...) and /proc/meminfo; (4) The SKILL.md asserts sandboxing and no hardcoded tokens, but the code does not implement a clear secure sandbox or use environment-configurable endpoints. Before installing or enabling this skill, consider: run it in an isolated/test environment (not on production machines); require the developer to make endpoints configurable via environment variables (no hardcoded URLs); disable or review the self-generate execution path (or restrict to a real sandboxed runtime/container); request proof or documentation of the claimed sandbox implementation; and audit the full, untruncated code for any other hidden behaviors. If you cannot get these mitigations, avoid installing on sensitive systems.
功能分析
Type: OpenClaw Skill
Name: openclaw-smart-scheduler
Version: 1.0.1
The skill bundle implements a 'self-generation' feature in resource_locator.py that uses subprocess.run to execute dynamically generated Python code in a temporary file, which poses a significant risk of Remote Code Execution (RCE) if the agent's logic is subverted. It also interacts with local network services (127.0.0.1:8002) for 'debate verification' and reads system-level information from /proc/meminfo. While these features are consistent with the stated goal of a sophisticated task scheduler, the inclusion of arbitrary code execution and local network probing is high-risk behavior.
能力评估
Purpose & Capability
Name/description (smart scheduler, routing, debate/locator) align with included modules (scheduler, resource_locator, debate_verifier). However some requested/implicit capabilities go beyond what a simple scheduler description implied: the skill dynamically generates and executes Python code (self-generate), inspects a user skill directory (/home/admin/.openclaw/...), and expects local HTTP services (127.0.0.1:5000, 127.0.0.1:8002). Those are plausible for a full-featured orchestrator but are not justified in SKILL.md (which emphasizes 'no malicious code execution' and tight sandboxing).
Instruction Scope
SKILL.md promises safe sandboxing and no unauthorized network calls, but the code performs local and external network requests (requests.get/post to 127.0.0.1 and clawhub URLs), checks/reads filesystem paths for installed skills, reads /proc/meminfo, writes temporary Python files and executes them with subprocess (python3.8). The runtime instructions (via code) therefore allow file I/O, process execution, and network I/O beyond what the prose security claims assert.
Install Mechanism
No install spec (instruction-and-code bundle only). That minimizes delivery risk (no remote archive downloads at install time).
Credentials
The skill declares no required env vars or credentials, yet code hardcodes service endpoints (e.g., DEBATE_URL = http://127.0.0.1:8002) and references external ClawHub URLs. The SKILL.md states credentials come from environment variables and 'no hardcoded token' — but the presence of hardcoded endpoints and use of local services is inconsistent with that assurance. Also the code can call local services and may consume API quota when self-generating code.
Persistence & Privilege
always:false (good), but the resource locator's self-generation path writes temporary code and executes it, and returned metadata suggests it may persist generated artifacts as new Skills ('should_persist': True). The code also probes and reads the user's skills directory (/home/admin/.openclaw/workspace/skills) which gives it visibility into other installed skills. While not explicitly modifying other skills, these behaviors elevate privilege and persistence risk if the self-generate flow is enabled.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-smart-scheduler - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-smart-scheduler触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Added a new "安全说明" (Security Notice) section in SKILL.md, detailing security features such as use of environment variables for credentials, sandboxed code execution, and restricted network access.
- No changes to core logic or functionality.
- This update enhances transparency regarding security practices for all users.
v1.0.0
Initial release of openclaw-smart-scheduler.
- Introduces an intelligent scheduler that auto-categorizes tasks as simple or complex for optimal routing.
- Simple tasks receive direct, sub-second responses; complex tasks undergo analysis, decomposition, and multi-step validation.
- Incorporates Socratic probing, resource identification, task breakdown, multi-model debate, and result validation for complex tasks.
- Provides clear usage instructions and key performance metrics.
- Designed for high efficiency with <500ms simple task latency and <3s complex task first response.
元数据
常见问题
Smart Scheduler 是什么?
智能任务调度器 - 简单任务秒级响应,复杂任务深度思辨。自动识别任务复杂度,路由到最优处理器。集成苏格拉底探明、任务分解、资源定位、多模型辩论验证。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 87 次。
如何安装 Smart Scheduler?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-smart-scheduler」即可一键安装,无需额外配置。
Smart Scheduler 是免费的吗?
是的,Smart Scheduler 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Smart Scheduler 支持哪些平台?
Smart Scheduler 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Smart Scheduler?
由 Timo2026(@timo2026)开发并维护,当前版本 v1.0.1。
推荐 Skills