freeai-io

Social Hub Server

Author: Social Hub · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 1358
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install social-hub-server
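Description
The centralized matching engine for the AI relationship-matching assistant. It runs as a standalone OpenClaw instance and communicates with all users' personal Agents through an internal group. It is responsible for receiving user profile tag summaries, maintaining the global user registry, running the bidirectional matching algorithm (situational consistency + capability complementarity), monitoring match thresholds, sending match notifications to the relevant personal Agents when the threshold is met, coordinating the two-party confirmation flow, and collecting match feedback for algorithm optimization. This skill should be triggered when a new message appears in the group or when a scheduled matching scan is due.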
Security recommendations
Before installing or running this skill, get answers to these questions and take these steps:
- Clarify required dependencies and credentials: which LLM/embedding provider(s) will be used, and what environment variables or API keys are required? Where are those keys stored and who can access them?
- Ask for an install spec or code: provide the missing references (message-protocol.md, matching-algorithm.md) and any scripts or container images used to run ChromaDB and the engine so you can review them.
- Confirm communication channels: how does the engine authenticate to the internal group and personal Agents? What endpoints or tokens are used to send MATCH_FOUND / MATCH_CONFIRMED messages?
- Audit data handling: request a clear data retention and deletion policy for ~/.matchbot-engine, how sensitive fields are filtered per disclosure_settings, and whether persisted files are encrypted and access-controlled.
- Run in an isolated environment: until you trust the implementation, run it in a dedicated VM or container with limited network access and limited filesystem mounts (not your full home dir).
- Require least privilege: ensure LLM/embedding credentials have minimal scope and logging is enabled to track what external calls are made and which data was sent.
- If you cannot obtain clear answers or code, treat the skill as risky: do not grant it access to real user data or production secrets; prefer a vetted implementation from a known source.
Functional analysis
Type: OpenClaw Skill
Name: social-hub-server
Version: 1.0.0
The skill is classified as suspicious due to its instruction to set up cron jobs and store sensitive user data locally. While the stated purpose of these actions (scheduled matching scans, online status checks, and user registry/match history storage) aligns with the skill's description as a matching engine, the ability to configure cron jobs represents a high-privilege capability that could be leveraged for persistence or malicious execution if the agent were compromised or instructed differently. The local storage of sensitive user data in `~/.matchbot-engine/registry.json`, `~/.matchbot-engine/match_history.json`, and `~/.matchbot-engine/chromadb/` also increases the attack surface for data exfiltration if the host system is compromised. No explicit malicious intent or prompt injection attempts were found in SKILL.md.
Capability assessment
Purpose & Capability
The described purpose (centralized matching engine) plausibly requires storing user profiles, running matching logic, and sending messages to personal Agents. However, the skill's metadata declares no required env vars, binaries, or install steps while the instructions clearly require: (1) an embedding API / LLM API, (2) a ChromaDB vector database, (3) the ability to send/receive messages on an internal group channel, and (4) persistent filesystem access under ~/.matchbot-engine. The absence of any declared credentials, endpoints, or dependency list is disproportionate to the actual runtime needs.
Instruction Scope
SKILL.md instructs the agent to read/write local files (~/.matchbot-engine/registry.json, match_history.json, chromadb dir), to call embedding and LLM APIs for scoring, to upsert vectors into ChromaDB, to send/receive structured messages (HEARTBEAT, PROFILE_UPDATE, MATCH_FOUND, etc.), and to run periodic cron jobs. All of those are within what a matching engine would do, but they involve handling sensitive user profile data and require explicit instructions about which APIs/endpoints/credentials to use. The SKILL.md also references external spec files (references/message-protocol.md, references/matching-algorithm.md) that are not provided; that leaves runtime behavior underspecified and gives the agent wide discretion (e.g., which LLM/embedding provider to call and what data to send).
Install Mechanism
This is an instruction-only skill (no install spec and no code files). That lowers immediate supply-chain risk, but it also means the instructions assume preinstalled components (ChromaDB, embedding/LLM client libraries, cron integration). The skill does not document how to install or configure those components. Lack of an install/packaging plan is an operational gap that increases the chance of misconfiguration or accidental use of unapproved APIs.
Credentials
The SKILL.md requires access to sensitive user profile data and to external LLM/embedding services, but the registry metadata declares no required environment variables or primary credential. In practice the skill needs credentials (API keys/tokens) for any cloud LLM/embedding provider and possibly connection info for ChromaDB or messaging channels. Asking for none in the manifest is inconsistent and obscures what secrets will be needed and where they might be stored or used.
Persistence & Privilege
The skill expects to persist state under ~/.matchbot-engine (registry, history, ChromaDB files) and to be scheduled via cron every 6 hours, etc. It does not set always:true and does not claim to modify other skills; persistence is reasonable for this service. However, persisting full user profiles centrally increases privacy risk and requires explicit retention, access control, encryption, and deletion policies which are not documented in SKILL.md.
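How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the dialog: /install social-hub-server
  3. Once installation completes, invoke the Skill by name or trigger it with /social-hub-server
  4. Provide the required inputs per the Skill's parameter description to get structured output
Version history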
v1.0.0
Initial release of the matching-engine centralized matching skill.
- Implements a centralized AI-driven relationship matching engine for 30 users’ personal Agents.
- Maintains a global user registry, complete match history, and stores user vector embeddings in ChromaDB by skill, interest, goal, challenge, and basic info.
- Processes group messages for heartbeats, profile updates, match responses, and feedback—while providing detailed, observable log messages.
- Performs event-driven and scheduled (every 6 hours) full-pool match calculations, combining vector similarity and LLM-based evaluations (consistency & complementarity).
- Strictly enforces user disclosure settings when sharing profile information during matches.
- Manages confirmation workflow and sends personalized introductions (icebreakers) upon both users accepting a match.
- Provides comprehensive operational logs and summary metrics for transparency and debugging.
Metadata
Slug social-hub-server
Version 1.0.0
License
Total installs 1
Current installs 1
Version count 1
FAQ

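What is Social Hub Server?

The centralized matching engine for the AI relationship-matching assistant. It runs as a standalone OpenClaw instance and communicates with all users' personal Agents through an internal group. It is responsible for receiving user profile tag summaries, maintaining the global user registry, running the bidirectional matching algorithm (situational consistency + capability complementarity), monitoring match thresholds, sending match notifications to the relevant personal Agents when the threshold is met, coordinating the two-party confirmation flow, and collecting match feedback for algorithm optimization. This skill should be triggered when a new message appears in the group or when a scheduled matching scan is due. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1358 cumulative downloads to date.

How do I install Social Hub Server?

Run the command "/install social-hub-server" in the OpenClaw or Claude Code dialog to install it in one step; no additional configuration is required.

Is Social Hub Server free?

Yes, Social Hub Server is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Social Hub Server support?

Social Hub Server runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Social Hub Server?

It is developed and maintained by Social Hub (@freeai-io); the current version is v1.0.0.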
