React Orchestrator

基于 ReAct 框架的双系统 AI 代理协调器，自动评估任务复杂度并在快速执行与深度推理间智能切换，实现高效分层推理。

High-level things to check before installing or running: - Missing declarations: the package metadata lists no required env vars or binaries, but the code and examples use process.env.TAVILY_API_KEY and expect 'tavily-search'/'rag-retriever' style modules. Confirm what environment variables and extra packages you must provide. - Code execution risk: CodeMode writes temporary files and spawns child processes (node and PowerShell with ExecutionPolicy Bypass). If you run this on a host with sensitive files or with network access, generated code could read/write files or execute commands. Prefer running in an isolated container/VM and review/disable CodeMode if you don't trust generated code. - File I/O and tools: Built-in templates include file-read and file-write that perform arbitrary path access. Review which tools are registered by default and enable HITL for write/execute tools (HITLManager default requireApproval includes file-write/execute-command in the code; keep those enabled). - External endpoints and secrets: The tavily-search template uses an API key and calls api.tavily.com. If you supply such keys, verify the endpoint is expected and trustworthy. Avoid putting cloud credentials or high-privilege secrets into the environment unless necessary. - Dependencies: package.json only lists 'zod'. Examples/templates reference other packages and clients not in dependencies. Before npm install/run, inspect code for undeclared requires and add/lock dependencies from trusted registries. - Platform assumptions: PowerShell templates and invocation of 'powershell.exe' are Windows-specific; the code expects Node >=18. If running on non-Windows, PowerShell paths and behavior differ. If you want to proceed safely: - Run the skill inside an isolated container with no sensitive mounts and minimal network access. - Enable HITL for anything that writes files or executes commands; set autoApprove to an empty list. - Audit all tool templates and remove or replace any that call external services or perform filesystem access you don't want. - Add explicit required env var declarations (TAVILY_API_KEY etc.) to your deployment manifest so you know what secrets will be exposed. Given the mismatches between declared metadata and actual code behavior, treat this package as potentially dangerous until you review and constrain its runtime capabilities.

Type: OpenClaw Skill Name: react-orchestrator Version: 0.1.0 The bundle implements a 'ReAct Orchestrator' framework that includes a high-risk 'Code Mode' feature in src/code-mode.js. This module dynamically generates and executes JavaScript and PowerShell scripts using child_process.spawn based on tool parameters, which creates a significant Remote Code Execution (RCE) surface if the driving LLM is manipulated via prompt injection. While the bundle includes a Human-in-the-loop (HITL) safety mechanism in src/hitl.js to mitigate unauthorized actions, the inherent capability to execute unvalidated code generated from AI prompts is a major security risk. No evidence of intentional malice or data exfiltration was found, but the architectural design is highly vulnerable.