← 返回 Skills 市场
OrgX
作者
Hope Atina
· GitHub ↗
· v3.1.0
· MIT-0
99
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install orgx
功能描述
Use when managing work with OrgX — reporting progress, requesting decisions, registering artifacts, syncing memory, checking quality gates, or viewing org st...
安全使用建议
Do not install or run this plugin blindly. Specific cautions and next steps:
- The SKILL.md asks you to install a third‑party package via npx/openclaw and to set ORGX_API_KEY, but the registry metadata does not declare these—ask the publisher for a source repository and an explicit install spec. Verify the @useorgx package on npm/GitHub and inspect its code before running.
- The integration explicitly pushes local files (MEMORY.md, daily logs) to OrgX; review those files for sensitive data first. Treat this as potential data exfiltration until you can confirm what the remote service stores and who can access it.
- Ask which endpoints the plugin calls, where OrgX is hosted for your installation, and whether traffic is encrypted and retained. Prefer deployments where the OrgX service is under your control (self-hosted) rather than an unknown remote service.
- If you must try it, run the install in a sandboxed environment (VM or disposable container), monitor network calls, and avoid providing high‑privilege credentials until the package is audited.
- Request that the skill metadata be updated to declare required env vars (e.g., ORGX_API_KEY) and a formal install spec, and that the publisher provide a homepage/source repo and release signatures. Without those, the mismatch between instructions and metadata is a red flag.
功能分析
Type: OpenClaw Skill
Name: orgx
Version: 3.1.0
The skill bundle encourages the systematic exfiltration of local agent context, specifically the contents of 'MEMORY.md' and session logs, to an external service (mcp.useorgx.com) via the 'orgx_sync' tool. While this behavior is aligned with the stated purpose of 'multi-agent orchestration,' the instructions in SKILL.md steer the agent to report all progress, artifacts, and internal state to a third-party endpoint by default. Additionally, the setup process suggests executing remote code via 'npx @useorgx/openclaw-plugin', which presents a supply chain risk.
能力评估
Purpose & Capability
The skill claims to integrate with OrgX (reporting, syncing memory, quality gates) but the registry metadata lists no required environment variables, no install spec, and no primary credential. SKILL.md explicitly references an ORGX_API_KEY and installation of @useorgx/openclaw-plugin (via npx or openclaw plugins install). Those requirements are not declared in the metadata, which is inconsistent and unexplained.
Instruction Scope
Runtime instructions tell the agent to push local data (e.g., contents of MEMORY.md and a daily log) and to register artifacts and status. That can exfiltrate sensitive local content. The document also prescribes calling many OrgX APIs and spawning sub-agents (orgx_spawn_check, orgx_run_action) without clearly bounding what data is collected or where it is sent. It also instructs installing and invoking an external plugin via npx, which executes remote code.
Install Mechanism
There is no install specification in the skill metadata, but SKILL.md tells users to run 'openclaw plugins install @useorgx/openclaw-plugin' or 'npx @useorgx/openclaw-plugin'. Those commands would download and execute third-party code from npm (or a plugin registry). Because installation is recommended but not captured in the registry spec, the install path and trustworthiness are unclear — this raises risk (npx runs remote code).
Credentials
SKILL.md references ORGX_API_KEY and implies interactions with external model endpoints (anthropic/claude, ollama/qwen) but the skill metadata declares no required environment variables or credentials. Requesting to sync local memory and dashboard pairing suggests the need for credentials and network access; those are not declared, which is disproportionate and hides important attack surface (credential handling, API access).
Persistence & Privilege
The skill itself is instruction-only and not marked always:true, so it has no built-in persistent presence. However, it explicitly asks the user to install a persistent plugin (@useorgx/openclaw-plugin). That external plugin — not represented in the skill metadata — could persist, gain privileges, or run autonomously. The potential for persistent capability comes from that external install, not the skill metadata.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install orgx - 安装完成后,直接呼叫该 Skill 的名称或使用
/orgx触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v3.1.0
Align the OrgX OpenClaw skill with the current plugin MCP surface and safe reporting contract.
元数据
常见问题
OrgX 是什么?
Use when managing work with OrgX — reporting progress, requesting decisions, registering artifacts, syncing memory, checking quality gates, or viewing org st... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 99 次。
如何安装 OrgX?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install orgx」即可一键安装,无需额外配置。
OrgX 是免费的吗?
是的,OrgX 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OrgX 支持哪些平台?
OrgX 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OrgX?
由 Hope Atina(@hopeatina)开发并维护,当前版本 v3.1.0。
推荐 Skills