← 返回 Skills 市场
Project OS Organizer
作者
Joseph Antonio Bozzo-Horwich
· GitHub ↗
· v1.2.1
576
总下载
0
收藏
2
当前安装
4
版本数
在 OpenClaw 中安装
/install project-os-organizer
功能描述
Privacy-first, chat-first project manager for vibe coders. Track projects, capture updates, and resume work across local folders, Claude/Codex, and GitHub wi...
安全使用建议
This skill is coherent with its stated purpose, but it can access or index local chat transcripts, home directories, and GitHub only when you explicitly enable those options. Before installing or running: 1) Keep remote-install disabled unless you trust the repository and set PROJECT_OS_ROOT to a local checkout. 2) Only set PROJECT_OS_INCLUDE_CHAT_ROOTS=1 or PROJECT_OS_ENABLE_GITHUB_SYNC=1 if you want those features and understand they will read local chat folders or use your GITHUB_TOKEN / gh CLI. 3) Expect files under ~/.project_os and a local web dashboard at 127.0.0.1:8765 when started. 4) Review the upstream project-os repository (PROJECT_OS_REPO_URL / PROJECT_OS_TRUSTED_REPO_URL) before enabling auto-install. If you want a minimal footprint, leave all optional env flags unset and point PROJECT_OS_ROOT to a vetted local copy.
功能分析
Type: OpenClaw Skill
Name: project-os-organizer
Version: 1.2.1
The skill is classified as suspicious due to several high-risk capabilities, even though they are explicitly opt-in. The `scripts/common.sh` file includes a `git clone` mechanism for remote installation, which, if combined with a user overriding `PROJECT_OS_REPO_URL` to an untrusted source and enabling `PROJECT_OS_ALLOW_REMOTE_INSTALL`, could lead to Remote Code Execution. Additionally, `scripts/setup_test_config.py` enables broad file system scanning (e.g., `$HOME/GitHub`, `$HOME/.claude`) and potential access to `GITHUB_TOKEN` via environment variables (`PROJECT_OS_ENABLE_HOME_DISCOVERY`, `PROJECT_OS_INCLUDE_CHAT_ROOTS`, `PROJECT_OS_ENABLE_GITHUB_SYNC`). While these features are guarded by explicit user opt-ins and a `PROJECT_OS_TRUSTED_REPO_URL` check, their powerful nature and potential for misuse or exploitation (e.g., if the user is socially engineered) elevate the risk beyond benign, without clear evidence of intentional malicious behavior like exfiltration or unauthorized persistence.
能力评估
Purpose & Capability
Name/description (local-first, chat-first project manager) aligns with requested binaries and env vars: only python3 is required and the optional env flags control chat indexing, GitHub sync, home discovery, and remote install. The scripts are wrappers that expect a separate project-os repo (project_os package) and will refuse or require explicit opt-in before performing remote clone/install.
Instruction Scope
SKILL.md directs the agent to run scripts/project_router.sh which in turn runs bootstrap/setup scripts and the project_os Python CLI. Those scripts will scan local roots and (if enabled) conversation roots and GitHub. By default chat indexing, home-discovery, GitHub sync, and remote install are disabled; enabling them is controlled by explicit environment variables (PROJECT_OS_INCLUDE_CHAT_ROOTS, PROJECT_OS_ENABLE_GITHUB_SYNC, PROJECT_OS_ENABLE_HOME_DISCOVERY, PROJECT_OS_AUTO_SETUP and PROJECT_OS_ALLOW_REMOTE_INSTALL).
Install Mechanism
No automated install spec in the registry; this is instruction+script based. Remote install is possible only when two opt-in flags are set and the repo URL matches a TRUSTED_REPO_URL; the remote clone uses a GitHub URL. There are no opaque downloads or URL shorteners in the codebase.
Credentials
The skill requests only PROJECT_OS_ROOT (or explicit remote-install opt-in) plus optional flags for chat/GitHub/home discovery. If you enable GitHub sync, the tooling will look for GITHUB_TOKEN or call the gh CLI; enabling chat indexing or home discovery allows scanning of local chat folders and user home subfolders. These env/credential needs are proportionate but enable access to potentially sensitive local data when turned on.
Persistence & Privilege
always is false and the skill does not request system-wide privileges. It creates data under $HOME/.project_os and may start a local dashboard (binds to PROJECT_OS_HOST:PROJECT_OS_PORT, default 127.0.0.1:8765). Daemonization is handled locally via daemonize_command.py. Nothing modifies other skills or global agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install project-os-organizer - 安装完成后,直接呼叫该 Skill 的名称或使用
/project-os-organizer触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.1
Fix recency logic, simplify dashboard to project-only view, and improve chat transcript readability/noise filtering.
v1.2.0
Chat-based last-modified model, top-5 working snapshot, and simpler recency filtering.
v1.1.0
Security and privacy hardening: disabled implicit remote install, disabled chat/GitHub indexing by default, narrowed discovery, and added explicit opt-in controls.
v1.0.0
Rebranded production release with stronger security hardening, cleaner activity scope controls, and non-technical chat-first UX.
元数据
常见问题
Project OS Organizer 是什么?
Privacy-first, chat-first project manager for vibe coders. Track projects, capture updates, and resume work across local folders, Claude/Codex, and GitHub wi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 576 次。
如何安装 Project OS Organizer?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install project-os-organizer」即可一键安装,无需额外配置。
Project OS Organizer 是免费的吗?
是的,Project OS Organizer 完全免费(开源免费),可自由下载、安装和使用。
Project OS Organizer 支持哪些平台?
Project OS Organizer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(linux, darwin, win32)。
谁开发了 Project OS Organizer?
由 Joseph Antonio Bozzo-Horwich(@ldodee)开发并维护,当前版本 v1.2.1。
推荐 Skills