ivangdavila

OpenAI Symphony

Author: Iván · GitHub · v1.0.0
Platforms: darwin, linux, win32 · ⚠ suspicious
Total downloads: 376
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install symphony
Description
Set up and run OpenAI Symphony with isolated issue workspaces, workflow contracts, and unattended Codex orchestration for Linear projects.
Safe usage recommendations
This skill appears to do what it claims, but it operates at a high trust level. Before installing or enabling unattended runs:
  1. only use a test Linear project and a non-production repository until you validate one end-to-end run;
  2. minimize token scopes: prefer a least-privilege Git token or deploy key rather than a broad GITHUB_TOKEN;
  3. prefer SSH key auth if you don't want to store a token;
  4. verify the 'codex' binary is legitimate and understand whether it uses OPENAI_API_KEY or a separate login session;
  5. inspect any repository hooks (after_create, before_run, etc.) you will run, since hooks can execute arbitrary code from the repo;
  6. keep workspace root on a dedicated path (not a parent/shared directory) and do not store secrets in ~/symphony/ memory files;
  7. require explicit user approval before enabling unattended/autonomous operation; and
  8. if provenance matters, confirm the referenced upstream implementation (e.g., the GitHub repo cited in docs) before trusting the skill.
If you want, provide the exact token scopes you plan to use and the location of the codex binary and I can give more specific hardening steps.
Functional analysis
Type: OpenClaw Skill
Name: symphony
Version: 1.0.0
The OpenAI Symphony skill provides unattended orchestration for Linear issues and Git repositories, requiring high-privilege credentials (LINEAR_API_KEY, GITHUB_TOKEN) and executing shell hooks (SKILL.md, WORKFLOW.md). While the skill includes comprehensive safety documentation and isolation policies (safety-guardrails.md), the inherent risks of shell execution and broad API access for its stated purpose align with the suspicious classification. No evidence of intentional malice or data exfiltration was identified.
Capability assessment
Purpose & Capability
Name/description (Linear + Codex orchestration) align with required binaries (git, codex), required env vars (LINEAR_API_KEY, OPENAI_API_KEY, GITHUB_TOKEN), and the workspace config path. These pieces are what you would expect for a service that polls Linear, runs Codex, and clones/pushes repos. Minor inconsistency: documentation accepts either OPENAI_API_KEY or an active 'codex' login session and supports SSH key auth, but manifest lists OPENAI_API_KEY and GITHUB_TOKEN as required — acceptable but slightly stricter than the prose.
Instruction Scope
SKILL.md and the included docs keep behavior scoped to per-issue workspaces and insist on user approval before unattended operation. However, the skill explicitly runs repo hooks (git clone and hook scripts) and will drive a local codex app-server; those hooks can execute arbitrary code from a repository. The skill includes guardrails and advises test-project rollouts, but executing hooks is an expected, high-risk part of the stated purpose and requires the user to ensure repositories/hooks are trusted.
Install Mechanism
Instruction-only skill with no install spec or embedded code files — lowest install risk. The runtime behavior relies on existing system binaries (git, codex). Because there is no installer that downloads/extracts code, nothing new is written to disk by an install step beyond the memory/workspace files the skill itself instructs to create at runtime.
Credentials
Requested environment variables (LINEAR_API_KEY, OPENAI_API_KEY, GITHUB_TOKEN) are proportionate to the capability: Linear API for tracker access, OpenAI/Codex auth for agent execution, and GitHub credentials for clone/fetch/push. Caveats: the skill's prose allows SSH keys as an alternative to GITHUB_TOKEN and also mentions codex login session as an alternative to OPENAI_API_KEY — the manifest's required list is somewhat stricter than the guidance. The skill stores runtime memory under ~/symphony/ and explicitly advises not to store secrets there.
Persistence & Privilege
The skill persists state to ~/symphony/ (memory, run-history, incidents) and is allowed autonomous invocation (platform default). It does not request 'always: true' or modify other skills. Because it performs unattended orchestration and can run hooks, persistent write access to its own workspace and repo operations are expected; this increases blast radius only insofar as you grant the requested credentials and approvals.
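How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install symphony
  3. Once installation is complete, call the Skill by name or trigger it with /symphony
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history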
v1.0.0
Initial release with workflow templates, runbook guidance, and safety guardrails for operating Symphony in trusted environments.
Metadata
Slug symphony
Version 1.0.0
License
Total installs 1
Current installs 1
Historical versions 1
FAQ

What is OpenAI Symphony?

Set up and run OpenAI Symphony with isolated issue workspaces, workflow contracts, and unattended Codex orchestration for Linear projects. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 376 total downloads to date.

How do I install OpenAI Symphony?

Run the command "/install symphony" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is OpenAI Symphony free?

Yes, OpenAI Symphony is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does OpenAI Symphony support?

OpenAI Symphony runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (darwin, linux, win32).

Who developed OpenAI Symphony?

Developed and maintained by Iván (@ivangdavila); the current version is v1.0.0.
