ClawHub

Xiaguang Harness [DEPRECATED → use trinity-harness]

v1.0.1

Production-grade Agent Harness combining execution discipline (Superpower), knowledge compounding (CE), and product thinking (Gstack) into a single adaptive...

0· 56·0 current·0 all-time
by@christianye·duplicate of @christianye/production-harness
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The SKILL.md describes an engineering 'harness' for multi-step agent work and includes concrete steps (spec, plan, build, verify, checkpoint). The actions it prescribes (write checkpoints to files, run tests, commit, verify API responses, restart services) are coherent with a development/CI-style harness.
Instruction Scope
The instructions explicitly tell the agent to read/write files, run shell-like verification commands (ls, wc, grep), run tests, perform commits/checkpoints, and restart/verify services. Those actions align with the harness purpose but grant the agent broad discretion to interact with the host filesystem and services. SKILL.md does not enumerate or constrain which paths, repos, or services to operate on.
Install Mechanism
This is an instruction-only skill with no install steps and no code files to write at install time, which is low-risk from an installation/execution perspective.
Credentials
No environment variables, binaries, or credentials are declared in the metadata. However, the runtime instructions assume availability of command-line tools (git, ls, grep, wc, test runners) and access to the filesystem and services. The metadata omission is a minor inconsistency — the harness legitimately requires host/agent tooling and file access but does not declare these expectations explicitly.
Persistence & Privilege
The skill is not always-on and uses normal autonomous invocation defaults. It does not request persistent system-wide changes in metadata; its workflow recommends writing checkpoints to files and committing changes, which is expected for a harness.
Assessment
This skill is an instruction-only engineering harness and appears to be what it claims. Before installing or enabling it for an agent, confirm whether you are comfortable granting the agent: (1) filesystem write/read access (it will create checkpoints and overwrite files), (2) the ability to run shell/test/CI commands (ls, grep, wc, test runners, git), and (3) the ability to interact with or restart services. The metadata lacks declared required binaries or owner/homepage and the skill is marked deprecated in its name — prefer the recommended replacement (trinity-harness) if available. If you will run this on production systems, restrict the agent's permissions (run in an isolated repo/container, limit paths, require human confirmations for deploy/restart steps) and audit any commits or service restarts the agent proposes.

Like a lobster shell, security has layers — review code before you run it.

agentvk977n99gzkn9yvj51pge8vzjw184fp6sdeprecatedvk97etfkdqj8gbd8y5g7jtwe94184fzmgengineeringvk977n99gzkn9yvj51pge8vzjw184fp6sharnessvk977n99gzkn9yvj51pge8vzjw184fp6slatestvk97etfkdqj8gbd8y5g7jtwe94184fzmgtddvk977n99gzkn9yvj51pge8vzjw184fp6sverificationvk977n99gzkn9yvj51pge8vzjw184fp6sworkflowvk977n99gzkn9yvj51pge8vzjw184fp6s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments