技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v0.1.0
统计:⭐ 1 · 655 · 2 current installs · 2 all-time installs
⭐ 1
安装量(当前) 2
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:austineral/agent-spawner
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The skill's goal (spawn a new OpenClaw agent) matches its instructions, but the runtime instructions instruct the agent to silently read and copy sensitive files and environment API keys and to run remote install scripts — behaviors that substantially increase risk and require explicit user consent and provenance verification.
目的
The name/description (spawn a new OpenClaw agent and carry over keys/plugins/skills) align with the actions described in SKILL.md: reading the current OpenClaw config and environment, cloning the repo, and bootstrapping a new agent. Carrying over provider, model, tools, plugins and skills is coherent with the stated purpose. However, carrying secrets (API keys, gateway token) is a sensitive operation and should be made explicit to the user rat…
说明范围
The instructions explicitly tell the agent to run commands that read local config and secrets (cat ~/.openclaw/openclaw.json, cat ~/.openclaw/.env, env | grep -iE 'API_KEY|TOKEN', ls <workspace>/skills/), then copy keys and tokens into the new agent without asking about keys ('Don't ask about keys... Carry everything over'). Step 1 is labeled 'silent', which means secrets may be accessed without user-visible consent. The skill also instructs e…
安装机制
The skill is instruction-only (no install spec), which limits static risk, but the runtime instructions include execution of remote-install commands: git clone https://github.com/openclaw/openclaw.git and curl -fsSL https://openclaw.ai/install.sh | bash. curl|bash is high-risk unless the URL and script provenance are verified; the skill provides no homepage or verifiable owner information. Using these commands (and later npm plugin installs) w…
证书
Although copying provider API keys and tool/plugin keys is relevant to migrating an agent, the skill requests no declared environment variables but instructs the agent to scan all environment variables for any API_KEY/TOKEN values and to read config files that may contain secrets. This implicit, broad secret collection (including grepping the entire environment) is disproportionate without explicit, granular user consent or restriction to only…
持久
The skill does not request 'always: true' and is not persistent itself, but its workflow instructs duplicating secrets, plugins, and skills into a newly created agent. Duplicating credentials and installing plugins increases the blast radius and creates a persistent agent instance that holds the same privileges as the original. The SKILL.md also suggests installing npm plugins and running containerized services, which can introduce ongoing pri…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Agent Spawner」。简介:Spawn a new OpenClaw agent through conversation. Uses official Docker setup and…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/austineral/agent-spawner/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: agent-spawner
description: Spawn a new OpenClaw agent through conversation. Uses official Docker setup and non-interactive onboarding, carries over API keys, tools, plugins, and skills from the current agent. User answers 2-3 questions. Use when the user wants to create, spin up, deploy, or provision a new OpenClaw agent.
---
# Agent Spawner
Deploy a new OpenClaw agent conversationally. Official install, carry over config from the current agent. User never edits a file.
## 1. Read Current Config (silent)
```bash
cat ~/.openclaw/openclaw.json
cat ~/.openclaw/.env 2>/dev/null
env | grep -iE 'API_KEY|TOKEN'
ls ~/.openclaw/extensions/
ls <workspace>/skills/
```
Identify:
- **Provider**: check `auth.profiles` in config — could be Anthropic, OpenAI, Gemini, custom, etc.
- **API key**: from env var or config (e.g. `ANTHROPIC_API_KEY`, `GEMINI_API_KEY`, `OPENAI_API_KEY`)
- **Model**: from `agents.defaults.model`
- **Tool keys**: anything in `tools.*` (search APIs, etc.)
- **Plugins**: `plugins.installs` — names and npm specs
- **Skills**: run `openclaw skills list` to see what's bundled vs workspace-only. Only carry over non-bundled skills.
## 2. Ask
1. **"Where should I deploy it?"** — Docker (local or remote SSH) or bare metal?
2. **"Name?"** — for container. Generate one if they don't care.
3. **"Anything special?"** — purpose, constraints. Optional.
Don't ask about keys, plugins, skills, ports, or config. Carry everything over, use defaults.
## 3. Confirm Plan
After gathering answers, present the full plan before doing anything. Show everything in one summary:
```
Here's the plan:
📦 Deploy: Docker on <target>
📛 Name: <agent-name>
🌐 Port: <port>
Carrying over from current agent:
✅ Provider: Anthropic (API key)
✅ Model: anthropic/claude-sonnet-4-20250514
✅ Brave Search API key
✅ Plugins: openclaw-agent-reach
✅ Skills: agent-spawner, weather
✅ Heartbeat: 30m
The new agent will bootstrap its own identity on first message.
Good to go?
```
Only list items that actually exist. Wait for explicit confirmation before proceeding. If the user wants changes, adjust and re-confirm.
## 4. Deploy
### Docker
```bash
git clone https://github.com/openclaw/openclaw.git <agent-name>
cd <agent-name>
```
Set env and run non-interactive onboard. Match the provider detected in step 1:
```bash
export OPENCLAW_IMAGE=alpine/openclaw:latest
export OPENCLAW_CONFIG_DIR=~/.openclaw-<agent-name>
export OPENCLAW_WORKSPACE_DIR=~/.openclaw-<agent-name>/workspace
export OPENCLAW_GATEWAY_PORT=<unused port, default 18789>
export OPENCLAW_GATEWAY_BIND=lan
mkdir -p $OPENCLAW_CONFIG_DIR/workspace
```
**Onboard flags vary by provider.** Use the matching `--auth-choice` and key flag:
| Provider | --auth-choice | Key flag |
|----------|--------------|----------|
| Anthropic | `apiKey` | `--anthropic-api-key` |
| Gemini | `gemini-api-key` | `--gemini-api-key` |
| OpenAI | `apiKey` | (set `OPENAI_API_KEY` env) |
| Custom | `custom-api-key` | `--custom-api-key` + `--custom-base-url` + `--custom-model-id` |
```bash
docker compose run --rm openclaw-cli onboard --non-interactive --accept-risk
--mode local
--auth-choice <detected>
--<provider>-api-key "$API_KEY"
--gateway-port 18789
--gateway-bind lan
--skip-skills
docker compose up -d openclaw-gateway
```
Official compose uses **bind mounts** — host user owns files, no permission issues.
Onboard error about gateway connection is expected (not running yet). Config is written.
### Bare metal
```bash
curl -fsSL https://openclaw.ai/install.sh | bash -s -- --no-onboard
openclaw onboard --non-interactive --accept-risk
--mode local
--auth-choice <detected>
--<provider>-api-key "$API_KEY"
--gateway-port 18789
--gateway-bind lan
--install-daemon
--daemon-runtime node
--skip-skills
```
## 5. Patch Running Agent
CLI alias:
- Docker: `OC="docker compose exec openclaw-gateway node /app/openclaw.mjs"`
- Bare metal: `OC="openclaw"`
**Config** (only patch what the current agent actually has):
```bash
$OC config set agents.defaults.model "<model>"
$OC config set agents.defaults.heartbeat.every "30m"
# Tool keys — only if they exist in current config
$OC config set tools.web.search.apiKey "<key>"
```
**Plugins** (from `plugins.installs` in current config):
```bash
$OC plugins install <npm-spec>
# Repeat for each plugin
```
**Skills** (copy workspace skills):
```bash
# Docker
docker cp <source-workspace>/skills/ <container>:/home/node/.openclaw/workspace/skills/
# Bare metal
cp -r <source-workspace>/skills/ ~/.openclaw/workspace/skills/
```
**Restart:**
```bash
docker compose restart openclaw-gateway # Docker
openclaw gateway restart # bare metal
```
## 6. Hand Off
Read the gateway token:
```bash
grep -A1 '"token"' $OPENCLAW_CONFIG_DIR/openclaw.json
```
Tell the user:
- **URL:** `http://<host>:<port>/`
- **Token:** (from config — onboard auto-generates one)
- "Say hello — it'll bootstrap itself."
## Notes
- `openclaw` not in PATH inside Docker. Use `node /app/openclaw.mjs`.
- `--accept-risk` required for non-interactive onboard.
- `alpine/openclaw:latest` — pre-built official image.
- Don't use named Docker volumes — root ownership issues. Official compose uses bind mounts.
- Multiple agents on same host: use different `OPENCLAW_CONFIG_DIR` and `OPENCLAW_GATEWAY_PORT`.
- Plugins and skills persist in `~/.openclaw/` volume (extensions/ and workspace/skills/).
- SSH keys, git config, apt packages are ephemeral — not in the volume, by design.