fernando-fernandez3

Ship Loop

By Fernando · GitHub ↗ · v5.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 152
Favorites: 0
Current installs: 0
Versions: 4
Install in OpenClaw
/install ship-loop
Description
Run a chained build→ship→verify→notify pipeline for multi-segment feature work. Use when implementing multiple features in sequence, each as a coding agent t...
Security usage recommendations
This skill appears to be what it claims: a self‑healing build→ship→verify pipeline that runs your coding agent and manipulates your git repo. Before installing or running:
  1. Inspect SHIPLOOP.yml in any repository you point it at — it will execute agent_command and preflight/deploy scripts as your user.
  2. Don’t run on untrusted repos. Treat SHIPLOOP.yml like a Makefile/CI config.
  3. Be mindful of the agent you configure — if you supply an agent CLI that needs API keys, provide them separately and understand their privileges; avoid using example flags like '--permission-mode bypassPermissions' unless you understand the implications.
  4. Note Ship Loop writes state (SQLite DB, .shiploop/metrics.json, learnings.yml) and may commit learnings.yml back into the repo — consider whether you want that file tracked.
  5. The pre-scan found unicode control characters in SKILL.md; open the files in a hex-aware editor or use a tool to strip/inspect control chars to ensure there is no hidden or obfuscated content.
If you want higher assurance, run the code in a disposable environment or review the repository’s Python code (shiploop/) and tests; they appear to implement the documented behavior.
Functional analysis
Type: OpenClaw Skill
Name: ship-loop
Version: 5.0.0
The skill bundle implements an autonomous build and repair pipeline that executes arbitrary shell commands provided in a 'SHIPLOOP.yml' configuration file. While the documentation includes a security notice regarding these risks, the implementation uses high-risk patterns, specifically the use of 'eval' on configuration-derived strings in 'scripts/preflight.sh' and un-sandboxed subprocess execution in 'shiploop/preflight.py' and 'shiploop/agent.py'. These represent classic RCE vulnerabilities that could be exploited if the tool is run against an untrusted repository. No evidence of intentional malice, such as data exfiltration or backdoors, was detected.
Capability assessment
Purpose & Capability
Name/description (Ship Loop) match the provided code, CLI, and docs. Required binaries (git, python3), the SQLite state backend, provider plugins (vercel/netlify/custom), and agent CLI integration are all consistent with a tool that runs build→ship→verify cycles and spawns repair/meta worktrees.
Instruction Scope
The SKILL.md explicitly requires running the coding agent, preflight build/lint/test commands, deploy verification, git commits, worktrees, and arbitrary custom deploy scripts defined in SHIPLOOP.yml. That scope is expected for this purpose but inherently grants the skill the ability to execute arbitrary repo-defined commands with the user's privileges; the skill does include an explicit security notice and claims temp-file prompt passing and explicit staging to reduce injection and accidental mass staging.
Install Mechanism
No install spec is provided (instruction-only for the runtime), and the repository includes Python code and docs; installing dependencies is standard (pyyaml, pydantic). Nothing in the manifest attempts to download or execute remote archives during install.
Credentials
The skill declares no required environment variables (reasonable). The docs do reference agent-specific API keys (e.g., ANTHROPIC_API_KEY, OPENAI_API_KEY) and agent CLI flags; those are external to the skill and must be provided by the user for their chosen agent. This is proportionate, but users should be aware the agent command they configure may require secrets and permissions (and the example uses a '--permission-mode bypassPermissions' flag which increases risk if used).
Persistence & Privilege
The tool writes state and metrics to disk (SQLite tars.db, .shiploop/metrics.json, learnings.yml) and commits/merges branches into the repo as part of normal operation. That persistence and repo modification is expected for a pipeline tool, but it means the skill will change your working tree and commit history — review SHIPLOOP.yml and learnings.yml behavior before running.
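How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install ship-loop
  3. Once installation completes, invoke the Skill by name or trigger it with /ship-loop
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output
Version history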
v5.0.0
**Ship Loop v5.0.0 — Major upgrade: persistent DB backend, event-driven pipeline, verdict router, and reflective analytics.**
- Added SQLite (`tars.db`) backend for full pipeline state, event log, learnings, and usage tracking.
- Introduced event queue for robust crash recovery and auditing; CLI can now inspect event/history.
- Added a verdict router for configurable outcome→action mapping, replacing hardcoded branching.
- New reflection loop audits run history, scoring learnings and surfacing actionable recommendations.
- All state (runs, segments, learnings, cost, verdicts) is DB-backed; `SHIPLOOP.yml` is now config-only.
- New CLI commands for reflection, history, events, and advanced analytics.
v4.0.0
Council review: 5 blockers fixed (env filtering, file locking, git timeouts, security docs, integration tests) + 16 warnings (dry-run, notifications, atomic writes, agent logs, cross-platform, signal handling). 170 tests.
v2.0.1
Fix security flags: agent command now user-configured via agent_command in SHIPLOOP.yml (no more hardcoded claude binary). Added requires.bins metadata for git, bash, curl. Redirect-following fix in verify-deploy.sh.
v2.0.0
Full rewrite: preflight gates, safe staging, rollback with git tags, platform-aware deploy verification, YAML pipeline definition, configurable timeouts, crash recovery. Council-reviewed, zero BLOCKs.
Metadata
Slug ship-loop
Version 5.0.0
License MIT-0
Total installs 0
Current installs 0
Number of versions 4
FAQ

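What is Ship Loop?

Run a chained build→ship→verify→notify pipeline for multi-segment feature work. Use when implementing multiple features in sequence, each as a coding agent t... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 152 total downloads so far.

How do I install Ship Loop?

Run the command "/install ship-loop" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is needed.

Is Ship Loop free?

Yes, Ship Loop is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Ship Loop support?

Ship Loop runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Ship Loop?

It is developed and maintained by Fernando (@fernando-fernandez3); the current version is v5.0.0.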
