Paperclip Resilience — 纸夹 AI 代理弹性编排

Name: Paperclip Resilience — 纸夹 AI 代理弹性编排
Author: levineam

levineam

Paperclip Resilience — 纸夹 AI 代理弹性编排

v1.1.0

为 Paperclip AI 代理提供生产级弹性能力，包括自动故障转移、模型轮换、运行恢复、阻塞路由和任务注入，确保 AI 代理在 OpenClaw 部署中高可用运行。

0· 60·0 当前·0 累计

by @levineam·MIT-0

AI模型访问开发工具自动化容器与虚拟化

下载技能包

License

MIT-0

最后更新

2026/3/28

安全扫描

VirusTotal

无害

查看报告

OpenClaw

可疑

high confidence

代码和运行指令与声明的弹性目的匹配，但注册元数据低估了所需的凭证，模块读写用户文件并调用外部 API/Webhook — 这些不匹配需要在安装前谨慎处理。

评估建议

["安装前检查：凭证、配置审查、文件访问与隐私、网络端点、状态持久化、隔离测试和审计。","提供最小权限密钥，使用范围受限的 API 令牌，确保 webhook 端点可信任，审查配置文件，测试隔离环境。"]...

详细分析 ▾

ℹ 用途与能力

The modules (spawn-with-fallback, run-recovery, model-rotation, blocker-routing, task-injection) align with the skill description: they orchestrate Paperclip + OpenClaw runs, rotate models, and detect/recover failures. However, the skill requires Paperclip API credentials and provider API keys (documented in SKILL.md and present in code) but the registry metadata declares no required environment variables — that's an inconsistency.

ℹ 指令范围

SKILL.md instructs running node scripts that call OpenClaw/ Paperclip endpoints and read config.json. The included code goes further: it queries Paperclip APIs, may create issues, scans session transcripts under ~/.openclaw, reads referenced Tasks/Journal/Project board markdown files, writes state to ~/.openclaw/model-rotation-state.json, and can POST to configurable webhooks. Those behaviors are within the stated resilience purpose but broaden the runtime surface (local home-directory file access + network requests to configurable endpoints).

✓ 安装机制

No installation/download step is present (instruction-only installation via clawhub). No external binary downloads or package installs are required by package.json — low install mechanism risk.

⚠ 凭证需求

The code expects several environment variables (e.g., PAPERCLIP_API_URL, PAPERCLIP_API_KEY, PAPERCLIP_COMPANY_ID, PAPERCLIP_AGENT_ID, PAPERCLIP_PROJECT_ID, PAPERCLIP_RESILIENCE_CONFIG, optional BLOCKER_* env vars), and SKILL.md warns that multiple LLM provider API keys must be configured. Yet the registry metadata lists no required env vars. This is a mismap: the skill legitimately needs sensitive credentials (Paperclip API key and provider keys) but the manifest doesn't declare them, which can mislead operators about the privileges the skill will use.

ℹ 持久化与权限

The skill is not always-enabled and uses normal autonomous invocation defaults. It persists state and logs under the user's home (~/.openclaw and configured paths) and writes config/state files (model-rotation state, potential blockers journal, config.json). This is expected for an orchestration tool but means it will create and read persistent files in user home and therefore should be run with appropriate permissions and file-path review.

⚠ src/spawn-with-fallback.js:376

Shell command execution detected (child_process).

⚠ src/lib/paperclip-issue-gate.js:19

Environment variable access combined with network send.

⚠ src/run-recovery.js:35

Environment variable access combined with network send.

⚠ src/run-recovery.js:84

File read combined with network send (possible exfiltration).

安全有层次，运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发，无需署名。

查看条款 ↗

运行时依赖

无特殊依赖

版本

latestv1.1.02026/3/28

添加交互式设置向导（scripts/setup.js）和架构文档（docs/architecture.md）

● 无害

安装命令点击复制

官方npx clawhub@latest install paperclip-resilience

镜像加速npx clawhub@latest install paperclip-resilience --registry https://cn.clawhub-mirror.com

技能文档

为 Paperclip AI 代理提供生产级弹性能力，通过 OpenClaw 进行编排。...

问题

Paperclip 代理在提供商遇到速率限制、会话在网关重启后崩溃、失败的运行将代理卡在错误状态且无恢复路径时会静默死亡。...

内容

模块	文件	目的
Spawn with Fallback	`src/spawn-with-fallback.js`	包含 `openclaw session spawn` 的自动提供商故障转移。

...

快速开始

1. 安装

clawhub install paperclip-resilience

...

要求

OpenClaw（用于会话生成和代理管理）
Paperclip（用于心跳运行监控和代理生命周期）
Node.js 18+
至少两个 LLM 提供商 API 密钥配置（用于故障转移）

Production-grade resilience for AI agents running on Paperclip, orchestrated through OpenClaw.

The Problem

Paperclip agents die silently when providers hit rate limits, sessions crash on gateway restarts, and failed runs leave agents stuck in error state with no recovery path. If you're running agents overnight or in parallel, you need automated recovery — not manual babysitting.

What's Included

Module	File	Purpose
Spawn with Fallback	`src/spawn-with-fallback.js`	Wraps `openclaw session spawn` with automatic provider failover. If your primary model 429s, it tries the configured fallback.
Model Rotation	`src/model-rotation.js`	Tracks fix attempts per PR/task and rotates through models + thinking levels after repeated failures.
Run Recovery	`src/run-recovery.js`	Detects failed Paperclip heartbeat runs (gateway errors, timeouts, 429s) and re-invokes agents with model fallback.
Blocker Routing	`src/blocker-routing.js`	Scans agent session transcripts for blocked/stuck signals and routes them to configurable destinations (file, stdout, webhook).
Task Injection	`src/task-injection.js`	Enriches spawn task descriptions with issue tracking metadata, PR requirements, and UX design checklists before agent execution.

Quick Start

1. Install

clawhub install paperclip-resilience

2. Configure

cd skills/paperclip-resilience
cp config.example.json config.json
# Edit config.json with your model aliases and fallback pairs

3. Use Spawn with Fallback

# CLI node skills/paperclip-resilience/src/spawn-with-fallback.js \ --model sonnet --task "Fix the login bug" --mode run

# Dry run to see what would happen node skills/paperclip-resilience/src/spawn-with-fallback.js \ --model opus --task "Refactor auth" --dry-run

// Programmatic
const { spawnWithFallback, loadConfig } = require('./skills/paperclip-resilience/src/spawn-with-fallback');
const config = loadConfig('./my-config.json');
const result = await spawnWithFallback({ model: 'sonnet', task: 'Fix bug', config });

4. Set Up Run Recovery (Cron)

Add to your OpenClaw cron schedule to auto-recover failed runs:

node skills/paperclip-resilience/src/run-recovery.js --dry-run --verbose

Once verified, schedule it:

/15    *  node skills/paperclip-resilience/src/run-recovery.js

5. Model Rotation for PR Fixes

# Check if a PR needs model rotation node skills/paperclip-resilience/src/model-rotation.js check --pr 42 --repo owner/repo

# Record an attempt node skills/paperclip-resilience/src/model-rotation.js record --pr 42 --repo owner/repo --model anthropic/claude-sonnet-4-6

Configuration

All modules read from config.json in the skill directory, with sensible defaults if no config is provided.

See config.example.json for the full documented schema, and config.schema.json for validation.

Key Configuration Sections

aliases — Map short model names to full provider/model strings:

{
  "aliases": {
    "sonnet": "anthropic/claude-sonnet-4-6",
    "opus": "anthropic/claude-opus-4-6",
    "codex": "openai-codex/gpt-5.3-codex"
  }
}

fallbacks — Define provider failover pairs:

{
  "fallbacks": {
    "anthropic/claude-sonnet-4-6": "openai-codex/gpt-5.3-codex",
    "openai-codex/gpt-5.3-codex": "anthropic/claude-sonnet-4-6"
  }
}

failurePatterns — Regex patterns that trigger fallback:

{
  "failurePatterns": {
    "patterns": ["credits", "quota", "402", "rate[\\s_-]?limit"]
  }
}

Architecture

┌──────────────────┐     ┌──────────────────┐
│  Task Injection   │────▶│ Spawn w/ Fallback │
│  (enrich task)    │     │  (provider retry)  │
└──────────────────┘     └────────┬───────────┘
                                  │
                                  ▼
                    ┌──────────────────────┐
                    │   Paperclip Agent     │
                    │   (heartbeat runs)    │
                    └──────────┬───────────┘
                               │
                    ┌──────────┴───────────┐
                    │                       │
                    ▼                       ▼
          ┌────────────────┐    ┌──────────────────┐
          │ Run Recovery    │    │ Blocker Routing   │
          │ (detect + wake) │    │ (escalate stuck)  │
          └────────────────┘    └──────────────────┘
                    │
                    ▼
          ┌────────────────┐
          │ Model Rotation  │
          │ (escalate model)│
          └────────────────┘

Requirements

OpenClaw (for session spawning and agent management)
Paperclip (for heartbeat run monitoring and agent lifecycle)
Node.js 18+
At least two LLM provider API keys configured (for fallback to work)

Security

This skill was security-reviewed for ClawHub publication in SUP-453. The code paths that accept user-controlled input now enforce validation up front and fail closed.

Hardened Surfaces

Surface	Protection
Model names	Character allowlist with support for provider suffixes like `:free`; rejects empty path segments and `.` / `..` traversal segments
Task files (`@file`)	Blocks explicit `../`, canonicalizes symlinks with `realpath`, rejects system paths like `/etc/` and `/usr/`, requires a regular file
Task payloads	1MB max size limit for inline and file-backed task content
Spawn mode + labels	Allowlist validation for mode (`run`, `session`) and safe-character validation for labels
Failure regex config	Caps pattern count/length and drops invalid regexes to reduce ReDoS risk
Paperclip issue metadata	Sanitizes API strings, constrains issue identifier extraction, normalizes priority values

Security Boundaries

Process execution: uses execFile, not shell execution
Dynamic code execution: none (eval / Function not used)
Credentials: read from environment or external auth files; not embedded in the skill
File access: limited to explicitly requested files, with traversal and symlink tunnel protections
Dependencies: zero external runtime dependencies in this package

Verification

# Functional coverage node skills/paperclip-resilience/tests/test-spawn-with-fallback.js # Full security suite node skills/paperclip-resilience/tests/test-security.js

# Quick smoke test node skills/paperclip-resilience/tests/test-security-quick.js

Audit Record

Last audit: 2026-03-27
Tracking issue: SUP-453
Status: ✅ Approved for ClawHub publication
Details: see SECURITY-AUDIT-REPORT.md

Related Paperclip Issues

These are the upstream gaps this skill works around:

#276 — Auto-requeue agent on failure
#1845 — No crash-recovery wakeup after restart
#1861 — Agent death on 429 with no model fallback

License

MIT

数据来源：ClawHub ↗ · 中文优化：龙虾技能库

OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险，如需更匹配、更安全的方案，建议联系付费定制

了解定制服务

License

运行时依赖

版本

安装命令 点击复制

技能文档

问题

内容

快速开始

1. 安装

要求

The Problem

What's Included

Quick Start

1. Install

2. Configure

3. Use Spawn with Fallback

4. Set Up Run Recovery (Cron)

5. Model Rotation for PR Fixes

Configuration

Key Configuration Sections

Architecture

Requirements

Security

Hardened Surfaces

Security Boundaries

Verification

Audit Record

Related Paperclip Issues

License

安装命令点击复制