← 返回 Skills 市场

Soulforge

Name: Soulforge
Author: jamesrp13

作者 jamesrp13 · GitHub ↗ · v2.0.1 · MIT-0

cross-platform ✓ 安全检测通过

995

总下载

当前安装

版本数

在 OpenClaw 中安装

/install soulforge

功能描述

Run high-signal autonomous coding loops with Soulforge (feature-dev/bugfix/review-loop) using strict worktree isolation, review gates, and scoped fix cycles.

安全使用建议

This is a coherent operator playbook, not a payload installer, but you should: (1) ensure the soulforge binary you run is from a trusted distribution (the skill does not install it), (2) have gh authenticated locally if you expect PR creation to work, (3) avoid passing untrusted input directly into shell callback wrappers — prefer handlers that accept callback bodies via stdin or files rather than interpolating {{callback_message}} into shell arguments, and (4) follow the advice in the SKILL.md to always run in isolated worktrees. If you need higher assurance, request the provenance (download/source) for the soulforge binary before using this skill in sensitive repos.

功能分析

Type: OpenClaw Skill Name: soulforge Version: 2.0.1 The 'soulforge' skill is a playbook for managing autonomous coding workflows using the Soulforge and GitHub CLIs. It includes strong security guidance, explicitly warning against shell injection and prompt injection while emphasizing the use of isolated git worktrees for safety. The files (SKILL.md and references/workflow-format.md) focus on operational best practices and do not contain any malicious code, data exfiltration patterns, or unauthorized execution logic.

能力评估

✓ Purpose & Capability

The name/description match the requested binaries and examples. Requiring 'soulforge' (the orchestration CLI) and 'gh' (used for PR creation) is proportional to the stated goal of running feature/bugfix/review loops.

ℹ Instruction Scope

The SKILL.md stays on-topic and repeatedly warns operators not to embed secrets or untrusted text into shell snippets. However, examples use --callback-exec with template variables such as {{callback_message}}; if an operator wires those into a shell wrapper unsafely, it could enable command-injection or data exfiltration. The skill itself documents the correct safety boundaries, but safe operator practices are required.

✓ Install Mechanism

No install spec is provided (instruction-only), so nothing will be downloaded or written by the skill package itself. This is the lowest-risk install model.

✓ Credentials

No environment variables or credentials are requested by the skill. Usage of 'gh' implies the operator must have configured GitHub auth locally, which is appropriate and not requested by the skill itself.

✓ Persistence & Privilege

The skill is not always-enabled and does not request persistent system-wide privileges or modify other skills. Autonomous invocation is allowed by default for skills and is not a red flag here.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install soulforge
安装完成后，直接呼叫该 Skill 的名称或使用 /soulforge 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v2.0.1

Release v2.0.1 — see CHANGELOG.md

v1.4.1

Release v1.4.1 — see CHANGELOG.md

v1.4.0

Release v1.4.0 — see CHANGELOG.md

v1.3.0

Release v1.3.0 — see CHANGELOG.md

v1.2.0

Release v1.2.0 — see CHANGELOG.md

v1.1.0

Release v1.1.0 — see CHANGELOG.md

v1.0.1

Release v1.0.1 — see CHANGELOG.md

v1.0.0

Release v1.0.0 — see CHANGELOG.md

v0.9.0

Release v0.9.0 — see CHANGELOG.md

v0.8.2

Release v0.8.2 — see CHANGELOG.md

v0.8.1

Release v0.8.1 — see CHANGELOG.md

v0.8.0

Release v0.8.0 — see CHANGELOG.md

v0.7.0

soulforge 0.7.0 - Added repository metadata and explicit prerequisite bins (now includes GitHub CLI requirement). - Enhanced security documentation: clarified what is sent externally to model providers, callbacks, and GitHub. - Clarified worktree and `--workdir`/`--no-worktree` behaviors and Mutual Exclusivity. - Documented per-step callback events (`notify`) and templated callback bodies. - Updated and expanded running workflow descriptions and checkpoint/review logic. - Added conventions for GitHub issue specs and warning not to expose secrets via callbacks.

v0.6.0

Added codex-cli executor, --executor flag override, --no-callback, auto-start daemon, SOULFORGE_DATA_DIR env var, bare+worktree layout fix

v0.5.2

Address ClawHub security scan: declare gh/codex dependencies, add repository URL, add Security & Data Flow section.

v0.5.1

Address ClawHub security scan: declare gh/codex dependencies, add repository URL, add Security & Data Flow section documenting what data goes where.

v0.5.0

Per-step callback notifications: notify field on workflow steps (on_complete, on_waiting, on_fail), workflow-level defaults.notify, --callback-url required with --no-callback opt-out, step_id/step_status template vars.

v0.4.0

v0.4.0 — Fixed loop step completion (#15) and progress file location (#12)

v0.3.2

Restore original language — VirusTotal flag was a ClawHub display bug (0/54 clean). Filed openclaw/clawhub#379.

v0.3.1

Soften language to reduce VirusTotal false positive: remove daemon/Bearer token patterns from examples

元数据

Slug soulforge

版本 2.0.1

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 25

常见问题

Soulforge 是什么？

Run high-signal autonomous coding loops with Soulforge (feature-dev/bugfix/review-loop) using strict worktree isolation, review gates, and scoped fix cycles. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 995 次。

如何安装 Soulforge？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install soulforge」即可一键安装，无需额外配置。

Soulforge 是免费的吗？

是的，Soulforge 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Soulforge 支持哪些平台？

Soulforge 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Soulforge？

由 jamesrp13（@jamesrp13）开发并维护，当前版本 v2.0.1。