← 返回 Skills 市场
wangjiaocheng

Universal Agent

作者 波动几何 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
98
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install universal-agent
功能描述
This skill should be used when the user needs to execute tasks through a complete automated workflow: understand natural language intent, dynamically generat...
安全使用建议
This skill truly executes arbitrary shell commands and generated Python code and thus has high potential impact. Specific points to consider before installing or running: - Metadata mismatch: the registry claims no required env vars, but the script uses an LLM API key (config.json or LLM_API_KEY) for standalone mode and expects UA_* env vars in bridge mode. Ask the publisher to correct the metadata. - Prefer Bridge mode with a trusted external 'brain' (external agent provides UA_* inputs) rather than Standalone mode, unless you fully trust and have reviewed the script. Bridge mode lets you control what code/commands are fed to the executor. - Do not run Standalone mode without reviewing the code yourself. The script will write temp scripts, persist a memory file, and can run arbitrary system/network commands — run it in a sandboxed container with minimal privileges and limited network access. - Do not include secrets or credentials in task descriptions. Remove or rotate any API keys stored in config.json before sharing the environment. - If you need to use it, set command/script timeouts low, leave dangerous_mode = false, and inspect/wipe the memory file regularly. If the publisher can (1) update the registry metadata to declare LLM_API_KEY and describe UA_* env vars explicitly, and (2) provide a clear, auditable safety policy or a hardened execution sandbox mode, my confidence in moving this to benign would increase.
功能分析
Type: OpenClaw Skill Name: universal-agent Version: 1.0.0 The bundle implements a 'Universal Agent' framework designed to execute arbitrary shell commands and Python scripts based on LLM-generated logic. While the script `universal_agent.py` includes a safety class (`UniversalExecutor`) with regex-based filters for dangerous commands (e.g., `rm -rf`, `format`), the core functionality provides a direct path for Remote Code Execution (RCE) by design. The `SKILL.md` instructions specifically guide the AI agent to use 'Bridge Mode,' which relies on environment variables like `UA_THINK` and `UA_GENERATE_SCRIPT` to drive the execution loop, creating a high-risk surface for prompt injection. Although no explicit evidence of intentional malice or data exfiltration was found, the broad system access and self-fixing code loops represent significant security risks.
能力标签
crypto
能力评估
Purpose & Capability
The skill's declared purpose is to generate and execute commands/scripts end-to-end; the included Python implementation and SKILL.md are consistent with that capability. However the registry metadata declares no required environment variables or credentials while the code and docs show modes that require an LLM API key (config.json or LLM_API_KEY) for standalone operation and expect bridge-specific env vars (UA_THINK, UA_GENERATE_SCRIPT, UA_DEBUG_AND_FIX, UA_SUMMARIZE). That mismatch between declared requirements and actual code is a coherence issue.
Instruction Scope
SKILL.md and the script explicitly instruct the agent to auto-generate and execute arbitrary shell commands and Python scripts, access/modify files (memory, temp scripts, config.json), and call arbitrary APIs or control hardware. While this is consistent with a 'universal agent' purpose, the runtime instructions also rely on environment-based bridge communication (UA_* variables) and permit self-repair loops that can execute repaired code — broad discretion that can be misused and is not constrained by the registry metadata.
Install Mechanism
There is no install spec (instruction-only skill with bundled script), so nothing is downloaded or extracted at install time. This minimizes install-time risk; however, the skill includes a large standalone Python script that will be written to disk when installed and can execute arbitrary commands at runtime.
Credentials
Registry says 'no required env vars' but the code and docs expect an LLM API key for standalone mode (config.json or LLM_API_KEY) and use UA_* environment variables as the bridge protocol. The skill also persists memory and temp scripts to disk. The absence of declared credential requirements in metadata is inconsistent and could lead to users unknowingly supplying sensitive keys to a powerful executor.
Persistence & Privilege
always:false (not forced). The skill persists execution history/memory to a file (universal_agent_memory.json) and writes temporary script files when executing tasks. It does not declare modifying other skills or system configs, but its ability to run arbitrary commands/scripts implies it can alter system state — so limit scope and run under least privilege.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install universal-agent
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /universal-agent 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Universal Agent 1.0.0 – Initial Release - Introduces a minimal universal agent that automates end-to-end task execution from natural language input, including command/script generation, execution, error recovery, and result summarization. - Provides standalone, bridge, and inline simulation usage modes to suit various integration scenarios. - Supports shell commands, Python scripting, API/API calls, CLI tools, and basic hardware control. - Features auto-retry on error and safety checks to ensure reliable automation workflows. - Includes detailed protocol for external agent integration (environment variables) and full file structure/documentation.
元数据
Slug universal-agent
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Universal Agent 是什么?

This skill should be used when the user needs to execute tasks through a complete automated workflow: understand natural language intent, dynamically generat... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 98 次。

如何安装 Universal Agent?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install universal-agent」即可一键安装,无需额外配置。

Universal Agent 是免费的吗?

是的,Universal Agent 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Universal Agent 支持哪些平台?

Universal Agent 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Universal Agent?

由 波动几何(@wangjiaocheng)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论