← 返回 Skills 市场
90
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install venture-spawner
功能描述
Instant agent hiring. Takes job postings from the orchestrator and fills them with properly configured sub-agents. Handles context passing, timeout enforceme...
安全使用建议
This skill appears to implement an agent-spawning orchestration flow but contains several items that could expose secrets or sensitive files if not constrained. Before installing, confirm: (1) where JOB_BOARD.md and referenced files live and who can write them; (2) that the platform enforces strict allowlists/deny-lists so spawned tasks cannot receive .env contents, private keys, or personal files unless explicitly authorized; (3) whether 'Include SSH commands for droplet' implies access to SSH private keys — if so, deny or centralize SSH access rather than embedding keys in tasks; (4) how access to other skills' files and OpenClaw docs is controlled; and (5) add explicit sanitization rules in the orchestrator (strip credentials, redact secrets, require user confirmation before spawning buckets that reference named personal files). If you proceed, limit which buckets can spawn agents, require explicit approval for any job that references SSH or named personal data, and monitor spawned-agent activity and logs for unexpected outbound connections or file accesses.
功能分析
Type: OpenClaw Skill
Name: venture-spawner
Version: 1.0.0
The 'venture-spawner' skill is a robust orchestration tool designed to manage sub-agent lifecycles based on a job board (JOB_BOARD.md). It implements several safety and operational best practices, such as a strict concurrency limit (max 3 agents), dependency resolution logic, and explicit instructions in SKILL.md to avoid modifying .env files with real credentials. While it handles high-privilege tasks like spawning agents and passing SSH context for infrastructure management, these actions are well-documented and aligned with the stated purpose of automated project management without any signs of malicious intent or data exfiltration.
能力评估
Purpose & Capability
The name/description (spawn sub-agents, enforce timeouts, pass context) align with the instructions. However several bucket-specific requirements (e.g., "Include SSH commands for droplet", "Ryan's resume", "Relevant skill files, OpenClaw docs") are not justified by the manifest (no env, no config paths) and imply access to SSH credentials, a named individual's private file, and other skills' internals. Those items are disproportionate to a generic spawner unless the orchestrator explicitly provides controlled access.
Instruction Scope
SKILL.md tells the agent to read workspace/JOB_BOARD.md and to assemble/paste relevant file contents into spawned-agent tasks. It explicitly allows passing 'Relevant skill files' and full file references, and asks for SSH commands to be included for some buckets. That grants broad discretion to include files (potentially secrets) in task payloads and to instruct sub-agents to perform network/SSH actions — scope creep from a simple orchestrator role unless the platform enforces strict file/secret filtering.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is written to disk by the skill package itself.
Credentials
The skill declares no environment variables or credentials, yet the guidance implicitly expects access to potentially sensitive material (SSH commands/keys, 'Ryan's resume', other skill files). That mismatch (no explicit credential requirements but clear need/encouragement to use sensitive data) is a red flag: who provides SSH keys and personal files, and how are they protected/filtered before being passed to child agents?
Persistence & Privilege
The skill does not request always:true and does not install persistent components. However it is allowed to invoke autonomously (default), so combined with the instruction to spawn and pass arbitrary context, autonomous invocation increases blast radius—particularly for buckets that ask to include other skills or SSH commands. This is noteworthy but not decisive on its own.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install venture-spawner - 安装完成后,直接呼叫该 Skill 的名称或使用
/venture-spawner触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
First release. Takes scoped job postings, spawns configured sub-agents per work bucket, tracks completion, handles failures. Max 3 concurrent agents.
元数据
常见问题
Venture Spawner 是什么?
Instant agent hiring. Takes job postings from the orchestrator and fills them with properly configured sub-agents. Handles context passing, timeout enforceme... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 90 次。
如何安装 Venture Spawner?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install venture-spawner」即可一键安装,无需额外配置。
Venture Spawner 是免费的吗?
是的,Venture Spawner 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Venture Spawner 支持哪些平台?
Venture Spawner 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Venture Spawner?
由 KairoKid(@dodge1218)开发并维护,当前版本 v1.0.0。
推荐 Skills