← 返回 Skills 市场
yuchangxu1989-openclaw

Sevo Pipeline

作者 yuchangxu · GitHub ↗ · v0.4.1 · MIT-0
cross-platform ⚠ suspicious
118
总下载
0
收藏
0
当前安装
6
版本数
在 OpenClaw 中安装
/install sevo-pipeline
功能描述
SEVO — Agent 研发流水线。Spec-Execute-Verify-Operate: the agentic software delivery lifecycle for AI agent software production. Covers 8 stages from specification...
安全使用建议
What to consider before installing: - This package is a full OpenClaw plugin (not just a tiny instruction). It expects to be installed into the host workspace and will read/write files there (pipeline state, events, possibly project artifacts). Review where it will be placed (typical path: ~/.openclaw/extensions/sevo-pipeline and ~/.openclaw/workspace). - The plugin injects text into the main session (before_prompt_build) to request that the host spawn subagents; it deliberately uses prompt injection (documented ADR). That is a design choice: it avoids directly calling spawn APIs but relies on the main session/model to obey the injected instructions. If you run in a sensitive environment, this increases risk — a model could be coerced or misled by injected content. Consider running in a sandboxed host first. - The bridge dynamically imports compiled JS from the workspace/dist path and constructs/instantiates engine classes at runtime. That means code present under the workspace can be executed with plugin privileges. Make sure the workspace and any dist artifacts are trusted and immutable (or verify builds) before enabling. - Metadata underreports the footprint (no required env vars/config paths declared), but the code reads env vars and resolves config paths. Expect to configure OPENCLAW_WORKSPACE_ROOT / OPENCLAW_SEVO_* or confirm default locations. Confirm there are no unexpected env variables or secrets in those paths. - Recommended actions: (1) review the included source (bridge.js, index.js, label-protocol.js, task-mapper.js, and the hooks) to ensure behavior matches policy; (2) install and test in an isolated OpenClaw sandbox environment first; (3) ensure no secrets are present in the target workspace; (4) consider pinning/locking the dist compiled artifacts or running sevo build steps yourself and auditing the resulting JS; (5) if you don't want automatic prompt-driven spawning, disable or override the before_prompt_build hook or run in Single-Agent Mode with manual approval. Confidence note: The assessment is based on code and SKILL.md provided. If you can provide the OpenClaw host policy, exact installation path, and any intended env var overrides, I can raise or lower concern levels — e.g., if you plan to install into a disposable test host the risk is lower.
功能分析
Type: OpenClaw Skill Name: sevo-pipeline Version: 0.4.1 The SEVO pipeline is a highly sophisticated and well-architected framework designed to manage the full software delivery lifecycle for AI agents. It consists of a core TypeScript engine, an OpenClaw plugin for automated stage advancement, and a Next.js-based management dashboard. While the bundle performs high-privilege operations—such as modifying the host's 'openclaw.json' to enable prompt injection hooks (init.sh) and programmatically appending role-specific constraints to other agents' 'SOUL.md' files (role-templates.js)—these actions are transparently implemented and essential for the framework's stated purpose of coordinating multi-agent workflows. The code follows security best practices, such as using timing-safe comparisons for authentication and implementing 'fail-open' wrappers for hooks to ensure host stability. No evidence of malicious intent, data exfiltration, or unauthorized remote execution was detected.
能力标签
cryptocan-make-purchases
能力评估
Purpose & Capability
The name/description (SEVO pipeline) align with the large codebase and the OpenClaw integration described in the docs. However, registry metadata claimed "instruction-only / no install spec / no required env vars", while the bundle contains a full plugin implementation (bridge, index, adapters, web UI) that expects to be installed into an OpenClaw host workspace. The presence of adapter/bridge code, state files, and task-mapper is coherent with being an OpenClaw plugin — but the metadata underreports that footprint.
Instruction Scope
SKILL.md and architecture docs explicitly instruct the plugin to hook into OpenClaw events (subagent_ended, before_tool_call, before_prompt_build), inject context into the main session, parse/emit labels like sevo:<pipelineId>:<stageId>, and persist runtime state (state/active-pipelines.json). That scope requires reading/writing host workspace files and injecting prompts into the host session — behaviors beyond a simple helper. Prompt-injection to trigger spawns is an architectural choice (documented), but it increases risk because it depends on the main session/model obeying injected text and the plugin can influence host actions.
Install Mechanism
There is no external download URL or installer in registry metadata (lower network risk). The code is packaged in the skill bundle itself (many source files and web UI). That is safer than remote fetches, but it means the plugin will place and execute JavaScript on the host. The bridge dynamically imports compiled modules from a local workspace/dist path (dynamic import of local files), so the host will execute code taken from workspace/dist at runtime.
Credentials
Declared requirements list no env vars or config paths, but the code reads several environment variables and resolves workspace/sevo paths (e.g., OPENCLAW_WORKSPACE_ROOT, OPENCLAW_SEVO_DIST, OPENCLAW_SEVO_CACHE_TTL_MS, SEVO_PROJECT_ROOT). The plugin expects access to the host file system (workspace, data, dist) and will persist state under its state directory. No explicit secret/env requirements are declared in metadata, yet the code will read process.env variables if present — this is a mismatch and reduces transparency about what the plugin can access.
Persistence & Privilege
The plugin persists runtime state (state/active-pipelines.json), reads/writes pipeline state under a workspace data path, and dynamically imports local compiled modules to execute pipeline logic. It does not set always:true and does not claim force-privileges, but its capability to inject prompts into the main session and to persist/execute files gives it significant influence over host behavior. The docs state fail-open behavior, but fail-open combined with auto-advance prompt injection means misconfiguration or malicious modification of workspace/dist could cause undesired automated actions.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install sevo-pipeline
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /sevo-pipeline 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.4.1
版本号对齐0.4.1 + 最新修复同步
v0.4.0
sevo-pipeline 0.4.0 - Added role-templates.js for role definitions. - Introduced sevo-init.js to support initialization tasks. - Updated core logic in index.js and task-mapper.js to integrate new modules. - Refreshed package.json to include dependencies for new functionality. - Improved documentation in README.md.
v0.3.3
- Updated dependencies in package.json. - Improved documentation in README.md. - Minor code adjustments in index.js and task-mapper.js.
v0.3.2
- No functional changes in this release. - Updated README.md and package.json with minor corrections or metadata tweaks. - SKILL.md content remains unchanged.
v0.3.1
P1/P2 gap fixes + anti-selfhype L3/L2 hardening
v0.3.0
- Introduced SEVO, covering the complete agentic software delivery lifecycle across 8 distinct stages (Spec, Contract, Implement, Review, Regression, Deploy, Verify, Ledger). - Added an overview explaining SEVO's role as the execution infrastructure module for Self-Evolving Harness. - Detailed integration points with KIVO (knowledge and intent routing) and AEO (effectiveness measurement and evolution triggers). - Clarified SEVO's purpose: addressing front-end (spec, contract) and back-end (verify, ledger) gaps in AI agent software production. - Noted current early-stage status and ongoing real-world testing.
元数据
Slug sevo-pipeline
版本 0.4.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 6
常见问题

Sevo Pipeline 是什么?

SEVO — Agent 研发流水线。Spec-Execute-Verify-Operate: the agentic software delivery lifecycle for AI agent software production. Covers 8 stages from specification... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 118 次。

如何安装 Sevo Pipeline?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install sevo-pipeline」即可一键安装,无需额外配置。

Sevo Pipeline 是免费的吗?

是的,Sevo Pipeline 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Sevo Pipeline 支持哪些平台?

Sevo Pipeline 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Sevo Pipeline?

由 yuchangxu(@yuchangxu1989-openclaw)开发并维护,当前版本 v0.4.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论