📦 Agentic Mode Upgrades — 智能体升级
v2.4.1为智能体循环注入规划、并行执行、置信门控、语义错误恢复与可观测状态机,并附带 Mode 仪表板 UI,全面提升自主任务可靠性与可见性。
0· 977·2 当前·2 累计
by 下载技能包
最后更新
2026/4/22
安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
What to check before installing:
- Source provenance: The skill lists a GitHub/ClawHub location in README but the registry 'Homepage' is unknown. Prefer installing only from a verified repository and confirm commit signatures.
- Review prompt-injection surface: Inspect the parts that append/inject into the agent 'system prompt' and the SurrealDB auto-inject logic. Ensure injected content is strictly non-directive and limited in size/format. Search the code for any replace/overwrite of system pr...详细分析 ▾
ℹ 用途与能力
Name, description, and included code (orchestrator, gates, state, UI) align with an 'agentic loop upgrade'. The skill legitimately needs to wrap the agent runner, persist state under ~/.openclaw/, and call the host LLM provider. However the package references host credentials and environment variables (e.g., ${OPENAI_API_KEY}, resolveApiKeyForProvider) even though requires.env lists none — this mismatch should be clarified.
⚠ 指令范围
SKILL.md and SECURITY.md state the skill appends only additive 'plan status' to the system prompt, but a pre-scan flagged 'system-prompt-override' patterns in the SKILL.md and the codebase includes runner-wrapping and memory auto-injection (SurrealDB) that injects semantic memory into the system prompt. Appending user-memory content into the system prompt can effectively change agent behavior and may contain user-provided facts that act as new directives; this is scope-expanding and requires careful inspection of the exact injection code and formatting.
ℹ 安装机制
No explicit install spec is provided (instruction-only), but the skill bundle contains many source and dist files and scripts (verify.sh). Not having a build/install spec isn't necessarily malicious, but it means you should inspect the included scripts (especially verify.sh) and how the host 'openclaw skill install' will load/run those files. There's no external download URL at runtime per SECURITY.md, which lowers remote-install risk.
⚠ 凭证需求
The manifest declares no required environment variables or primary credential, yet the documentation and troubleshooting text reference resolving host provider credentials and using environment variables like ${OPENAI_API_KEY}, and the optional SurrealDB auto-inject feature depends on mcporter/gateway runtime env. The skill reads host agent auth profiles at runtime (inherits credentials) — this is expected for an orchestrator, but because it's not declared in requires.env the relationship is under-documented and could surprise non-expert users. Confirm how credentials are resolved, whether any secrets are written or logged, and that the skill truly does not persist sensitive tokens.
ℹ 持久化与权限
Persistence is limited to ~/.openclaw/ per the docs and the skill is opt-in (not always:true). The skill wraps the agent runner (wrapRun) which gives it supervisory control of agent calls — normal for an orchestrator but increases blast radius if combined with other issues (e.g., prompt injection or credential misuse). Approval gates default on for high/critical ops which mitigates risk, but you should verify gate enforcement paths.
⚠ scripts/verify.sh:97
Environment variable access combined with network send.
⚠ src/dist/llm/caller.js:20
Environment variable access combined with network send.
⚠ src/llm/caller.ts:57
Environment variable access combined with network send.
⚠ src/dist/llm/caller.js:35
File read combined with network send (possible exfiltration).
⚠ src/llm/caller.ts:71
File read combined with network send (possible exfiltration).
⚠ references/context-management.md:140
Prompt-injection style instruction pattern detected.
⚠ references/task-hierarchy.md:235
Prompt-injection style instruction pattern detected.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv2.4.12026/2/17
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install agent-mode-upgrades
镜像加速npx clawhub@latest install agent-mode-upgrades --registry https://cn.longxiaskill.com