← 返回 Skills 市场
Openclaw Spacesuit
作者
Jonathan Tsai
· GitHub ↗
· v0.3.0
1896
总下载
2
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install spacesuit
功能描述
A comprehensive OpenClaw workspace framework providing session protocols, memory system, git workflow, safety rules, priority triage, communication handoffs,...
安全使用建议
What to consider before installing:
- Review and run in a safe test workspace first: clone the repo into a throwaway workspace and run ./scripts/diff.sh and ./scripts/upgrade.sh --dry-run before applying anything to a production workspace.
- Inspect templates and scripts yourself (install.sh, upgrade.sh, sync-operators.sh). The package will copy files and scripts into your workspace root and create directories (memory/, handoff/, decisions/, scripts/, state/).
- Pay special attention to instructions that tell agents to search ~/.config, dotfiles, .envrc, and cloud session folders. Those are common places for secrets. If you do not want automatic scanning of those locations, avoid running sync scripts or modify them to limit paths (or set OPENCLAW_SESSIONS_DIR explicitly and run with --dry-run).
- Note contradictory guidance: AGENTS.md contains both a strict SECURITY.md and a line 'Don't ask permission. Just do it.' Decide which behavior you want agents to follow; consider editing AGENTS.md/SOUL.md to enforce explicit consent before any external or cross-home actions.
- The pre-scan "injection" patterns are present in SECURITY.md as defensive examples; they are not an active attack but demonstrate the project trains agents to refuse such prompts.
- Practical steps: run sync-operators.sh with --dry-run; set restrictive file permissions on workspace; ensure you control OPENCLAW_PROFILE/OPENCLAW_SESSIONS_DIR before running; search the templates for any accidental secret values before upgrade/install.
Confidence: medium — the package is internally consistent as a scaffold, but several explicit instructions expand its read-scope to home/cloud credential locations and include strong autonomy language that may be surprising; that makes the risk profile ambiguous and worth manual review before use.
功能分析
Type: OpenClaw Skill
Name: spacesuit
Version: 0.3.0
The skill bundle is largely benign, providing a security-focused framework for OpenClaw agents, including robust prompt injection defenses and explicit rules against secret exfiltration in `base/SECURITY.md` and `base/AGENTS.md`. However, the `scripts/sync-operators.sh` file is classified as suspicious because it accesses potentially sensitive local data by reading OpenClaw session transcripts from `~/.openclaw-<profile>/agents/main/sessions`. While its stated purpose is to generate `state/operators.json` for internal dashboards by extracting only user IDs, usernames, and message counts, the capability to read raw session data from a user's home directory is a high-risk operation, even if processed locally without external exfiltration.
能力评估
Purpose & Capability
Name and files match a workspace scaffold: templates, base content, installer, upgrade/diff, and a session-sync script. However several policy files (AGENTS.md, TOOLS.md) explicitly instruct searching the workspace root, cloud storage, home config (~/.config), dotfiles, and .envrc for credentials — behavior that is broader than a minimal scaffold and worth scrutiny.
Instruction Scope
Runtime documentation and base AGENTS.md instruct agents to automatically load SECURITY.md, SOUL.md, USER.md and read daily memory files, search home config and cloud storage, and 'Don't ask permission. Just do it.' This grants the agent broad discretion to read local files (including potential secrets) and discover data outside the workspace; scripts also read ~/.openclaw session transcripts. The explicit instruction to proactively search home dotfiles and cloud locations is scope-creep for a scaffold.
Install Mechanism
No remote installers or downloads; the package is instruction-only from ClawHub and contains local bash scripts (install/upgrade/diff/sync) that copy templates into the workspace and create local directories. No external network fetches or obscure URLs in the install path were found.
Credentials
The package declares no required environment variables, but the documentation and templates instruct searching .envrc, .env, ~/.config, gateway config and environment variables for credentials. Asking agents to scan these credential locations is disproportionate unless the user explicitly consents and configures it; the skill does not declare or justify needing blanket access to secrets.
Persistence & Privilege
always:false and user-invocable true. The install/upgrade scripts write files into the workspace (templates, scripts, .spacesuit-version, heartbeat state) which is expected for a scaffold. The skill does not request system-wide privileges or modify other skills.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install spacesuit - 安装完成后,直接呼叫该 Skill 的名称或使用
/spacesuit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.3.0
v0.3.0: Add CONTRIBUTING.md, CODE_OF_CONDUCT.md, and --profile flag for multi-OpenClaw support
v0.2.0
Added Makefile + gateway-loop.sh templates for tmux-based gateway management. make lfg is now batteries-included.
v0.1.0
Initial release: batteries-included workspace framework with session protocol, memory system, git workflow, safety rules, priority system, meta-learning framework, and section-based upgrade mechanism.
元数据
常见问题
Openclaw Spacesuit 是什么?
A comprehensive OpenClaw workspace framework providing session protocols, memory system, git workflow, safety rules, priority triage, communication handoffs,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1896 次。
如何安装 Openclaw Spacesuit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install spacesuit」即可一键安装,无需额外配置。
Openclaw Spacesuit 是免费的吗?
是的,Openclaw Spacesuit 完全免费(开源免费),可自由下载、安装和使用。
Openclaw Spacesuit 支持哪些平台?
Openclaw Spacesuit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Openclaw Spacesuit?
由 Jonathan Tsai(@jontsai)开发并维护,当前版本 v0.3.0。
推荐 Skills