Security Scan
OpenClaw
Suspicious
Medium confidence. The skill's files and runtime instructions broadly match its MeshOps purpose, but there are inconsistencies and several powerful, potentially risky operations (deploying archives, running commands, automatic capability registration/auto-claiming) gated by environment variables — the gating and registry metadata are inconsistent and need review before install.
Assessment recommendations
This skill is purpose-aligned for a MeshOps control plane, but review these before installing:
- Resolve the manifest mismatch: the registry summary says "no required env vars/bins" but metadata.yaml inside the package lists several gates and binaries. Confirm the marketplace metadata matches the packaged metadata.
- Treat the gating env vars (OPENCLAW_ALLOW_HIGH_RISK, OPENCLAW_ALLOW_RUN_CMD, OPENCLAW_ALLOW_DEPLOY_SKILL) as safety interlocks — ensure they default to disabled (0) and are only en...
Detailed analysis
ℹ Purpose and capability
The name/description (MeshOps control-plane) aligns with the included docs, SKILL.md, and scripts: they implement ring-of-trust, CRDT sync, capability routing, and lifecycle ops. The presence of scripts to install plugins, deploy skills, run commands, and collect logs is coherent with an operator/mesh-control skill. However, the skill manifest shown earlier (registry summary) reported no required env vars/binaries while metadata.yaml inside the package lists several required env vars and binaries (OPENCLAW_* gates, openclaw, jq, curl, tar, sha tools, git). This mismatch is an incoherence to resolve.
⚠ Instruction scope
SKILL.md instructs agents to perform broad dispatcher behaviors (auto-register capabilities on load, auto-claim tasks at each reasoning step, write routing metadata into shared Yjs state). Those instructions give loaded agents autonomous authority to discover and claim work across a mesh. The runtime action scripts also read environment gates, write to filesystem locations (/opt/openclaw/skills, /var/lib/openclaw/artifacts), download artifacts from arbitrary HTTPS URLs (deploy-skill), and run CLI tooling. While many of these actions are gated, the SKILL.md's automatic/implicit side-effects (capability registration on load, automated claiming) expand the agent's scope significantly and deserve operator review.
✓ Install mechanism
There is no package-install spec embedded (instruction-only at registry level) and code files are shipped in the skill bundle. The scripts themselves call external network via openclaw plugins install and curl (for deploy-skill) — but those are invoked at runtime and are gated. No opaque downloads from personal IPs or shorteners; deploy-skill requires HTTPS and SHA256 verification. This is acceptable but still risky in practice because extracting remote archives into /opt is high-impact.
⚠ Credential requirements
Declared envs in metadata.yaml (OPENCLAW_ALLOWED_CALLERS, OPENCLAW_ALLOW_HIGH_RISK, OPENCLAW_ALLOW_RUN_CMD, OPENCLAW_ALLOW_DEPLOY_SKILL, OPENCLAW_RUN_CMD_ALLOWLIST, OPENCLAW_ARTIFACT_ROOT) map to the skill's gating design and are not secret credentials, which is proportionate. But the registry summary reported no required envs (contradiction). Also, required envs control powerful actions: if gates are enabled (OPENCLAW_ALLOW_RUN_CMD=1, OPENCLAW_ALLOW_DEPLOY_SKILL=1, OPENCLAW_ALLOW_HIGH_RISK=1) and caller allowlist permits a caller, the skill can download and extract archives and run commands (even though run-cmd has an allowlist, deploy-skill downloads arbitrary artifact URLs). This makes correct gate configuration critical.
ℹ Persistence and privileges
always:false and disable-model-invocation:false (normal). The skill's documented behavior includes side-effects on agent startup (capability registration) and automatic claiming at each reasoning step; those are functional choices but increase the blast radius because agents with the skill become eligible executors and can be auto-invoked. Combined with the deploy-skill/run-cmd scripts, this raises risk if gating env-vars or allowlists are misconfigured. The skill does not request system-wide config modification beyond installing skills or writing to /opt when operator-invoked.
Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Version
latest v0.1.6 2026/3/4
- Documentation formatting updated in SKILL.md for improved readability and structure.
- No changes to core logic or skill functionality in this release.
● Suspicious
Install command
Official: npx clawhub@latest install openclaw-skill-ansible
Mirror (accelerated): npx clawhub@latest install openclaw-skill-ansible --registry https://cn.longxiaskill.com
Skill documentation
What
Ansible is a distributed coordination layer that lets you operate across multiple OpenClaw gateways as one coordinated mesh.
Four pillars:
- Ring of Trust: invite/join handshake, auth-gate WebSocket tickets, ed25519-signed capability manifests, per-action safety gates, and token lifecycle.
- Mesh Sync: Yjs CRDT replication over Tailscale. Messages, tasks, context, and pulse remain durable across reconnects and restarts.
- Capability Routing: publish/unpublish capability contracts. Each contract references a delegation skill (requester) and an execution skill (executor).
- Lifecycle Ops: lock sweep, retention/pruning, coordinator sweep, and deployment hygiene.
Relationship Modes
- Friends/Employees (default): other nodes are different agents. Provide context and communicate explicitly.
- Hemispheres (advanced): mirrored instances of the same identity. Shared intent and direct communication.
Default to Friends/Employees unless explicitly told a node is a hemisphere.
Node Topology
- Backbone: always-on nodes (VPS/servers) host the Yjs WebSocket.
- Edge: intermittent nodes (laptops/desktops) connect to the backbone.
Human Visibility Contract (Required on Pickup)
When taking coordination work, maintain explicit lifecycle updates:
- ACK: confirm receipt and summarize intent.
- IN_PROGRESS: emit progress updates at meaningful checkpoints.
- Completed or BLOCKED: close with evidence, next action, and owner.
Use conversation_id consistently for all related updates.
Ring of Trust - Behavioral Rules
- Unknown nodes require invite-based admission. Do not bypass.
- High-risk capability publishes require human approval artifacts.
- Respect caller gates (`OPENCLAW_ALLOWED_CALLERS`) and high-risk flags.
- Never expose tokens in plaintext messages/logs/shared state.
- When signature enforcement is on, only accept manifests signed by trusted publisher keys.
Gateway Compatibility Contract
- Verify the plugin is installed and readable before assuming tool availability.
- Verify tier assumptions (backbone vs edge) before mutating coordination settings.
- Treat the gateway runtime as the source of truth for active topology and health.
Reliability Model
Source of Truth
Shared Yjs state is authoritative.
Delivery Semantics
- Durable: messages/tasks persist in shared state.
- Auto-dispatch: best-effort realtime injection into sessions.
- Heartbeat reconcile: periodic rescan recovers missed injections.
- Retry: transient dispatch failures retry with bounded backoff.
- Send receipts: notify configured operators when work is placed on the mesh.
Operating Rules
- Verify pending work with `ansible_status` and `ansible_read_messages`.
- If polling mode is used, always reply via `ansible_send_message`.
- Use `corr:` for thread continuity.
- Listener behavior is an optimization; sweep/reconcile is the backstop.
Capability Contracts
- A capability is a contract, not just a label.
- Contract includes delegation 和 execution skill references.
- Publishing updates routing eligibility mesh-wide.
- Provenance is verified against trusted publisher keys when configured.
- High-risk contracts require explicit approval artifacts.
- Unpublish removes eligibility immediately.
- Lifecycle evidence must capture install/wire outcomes.
Delegation Protocol
- Requester creates task with objective, context, acceptance criteria, and target policy (`to_agents` or capability).
- Executor claims task and sends acceptance/ETA signal.
- Executor performs work, emits progress, and completes with structured result.
- Requester reports final outcome to human and/or downstream agents.
Coordinator Behavior
- Run sweep loops for stale locks, SLA drift, and backlog reconciliation.
- Prefer log-only escalation by default when blast radius is unclear.
- If DEGRADED, prioritize containment, visibility, and deterministic recovery.
Available Tools
Communication
| Tool | Purpose |
|---|---|
| `ansible_send_message` | Send targeted or broadcast message across mesh |
| `ansible_read_messages` | Read unread messages (or full history) |
| `ansible_mark_read` | Mark messages as read |
| `ansible_delete_messages` | Admin-only emergency purge |
Task Delegation
| Tool | Purpose |
|---|---|
| `ansible_delegate_task` | Create task for another node/agent set |
| `ansible_claim_task` | Claim pending task |
| `ansible_update_task` | Update task status/progress |
| `ansible_complete_task` | Complete task and notify requester |
| `ansible_find_task` | Resolve task by ID/title |
Context and Status
| Tool | Purpose |
|---|---|
| `ansible_status` | Mesh health, unread, pending, and topology summary |
| `ansible_update_context` | Update shared context/threads/decisions |
Coordination and Governance
| Tool | Purpose |
|---|---|
| `ansible_get_coordination` | Read coordinator configuration |
| `ansible_set_coordination_preference` | Set node coordinator preference |
| `ansible_set_coordination` | Switch coordinator (guarded) |
| `ansible_set_retention` | Configure closed-task retention/pruning |
| `ansible_get_delegation_policy` | Read delegation policy plus ACKs |
| `ansible_set_delegation_policy` | Publish/update delegation policy |
| `ansible_ack_delegation_policy` | Acknowledge policy version |
| `ansible_lock_sweep_status` | Inspect lock sweep health |
Capability Lifecycle
| Tool | Purpose |
|---|---|
| `ansible_list_capabilities` | List published capability contracts |
| `ansible_capability_publish` | Publish/upgrade capability contract |
| `ansible_capability_unpublish` | Remove capability from routing |
| `ansible_capability_lifecycle_evidence` | Show install/wire evidence for version |
| `ansible_capability_health_summary` | Show success/error/latency summary |
When to Use Ansible
Use Ansible when work crosses gateways, needs durable coordination, or requires auditable delegation contracts.
Session Behavior
- Start by checking status and pending work.
- Prefer explicit delegation for capability-matched work.
- Keep humans in the loop via lifecycle messages.
Message Protocol v1
- Always include enough context for independent execution.
- Use stable correlation IDs (`corr`) and conversation IDs.
- Prefer structured payloads over freeform-only messaging.
Setup Playbooks
Follow plugin setup and gateway runbooks for topology bootstrap, auth-gate, and trust settings.
Delegation Management
- Keep delegation policy current and acknowledged across nodes.
- Treat capability publishes as contract releases.
- Roll back quickly when lifecycle evidence indicates drift or misfire.