Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

openclaw-collaboration

v1.0.0

Hermes and local OpenClaw collaboration scheme: shared memory, mutual API calls, task division


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for fish1981bimmer/openclaw-collaboration.

Install the skill "openclaw-collaboration" (fish1981bimmer/openclaw-collaboration) from ClawHub.
Skill page: https://clawhub.ai/fish1981bimmer/openclaw-collaboration
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install openclaw-collaboration

ClawHub CLI


npx clawhub@latest install openclaw-collaboration
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name and description (Hermes ↔ local OpenClaw collaboration) align with the SKILL.md content: it documents shared memory, openclaw agent CLI calls, gateway health checks, and model/provider notes. However the manifest declares no required binaries/config paths/credentials while the instructions assume /usr/local/bin/openclaw, ~/.openclaw/* paths, a gateway on localhost:18789 and NVIDIA API access; those omissions are an inconsistency (the skill should list these as requirements).
!
Instruction Scope
SKILL.md explicitly tells the agent to read/write the OpenClaw workspace (~/.openclaw/workspace), edit ~/.openclaw/openclaw.json, tail logs, kill and restart gateway processes, and invoke the openclaw CLI. These are direct file/command operations on user-local state and may access credentials or sensitive config. The instructions also reference gateway token authentication and an external NVIDIA API endpoint, but do not specify how tokens/credentials are provided or protected.
Install Mechanism
There is no install spec and no code files — this is instruction-only. That reduces supply-chain risk (nothing to download/execute on install). The runtime risk comes from the agent following the provided commands on the host.
!
Credentials
The skill declares no required env vars or credentials, yet the text references token-auth for a local gateway and use of the NVIDIA API (which typically requires credentials). It also assumes presence of specific config files and a local openclaw binary. Requesting or using gateway/NVIDIA credentials would be proportionate for this purpose, but the skill fails to declare them or explain where/how they are obtained — a transparency gap that could lead to accidental credential access/exfiltration if the agent is allowed to run these steps autonomously.
Persistence & Privilege
always is false (no force inclusion). Model invocation is allowed (normal default). Because the skill can instruct the agent to operate on local files and run system commands, autonomous invocation increases blast radius — but that alone is not uncommon for an integration guide. The combination of autonomous invocation with file and credential operations (and the lack of declared safeguards) is why caution is advised.
What to consider before installing
This SKILL.md is a how-to for making Hermes and a local OpenClaw instance cooperate, and it tells the agent to read/write ~/.openclaw files, call /usr/local/bin/openclaw, access a local gateway (token-auth), and interact with an external NVIDIA API. Before installing or enabling this skill:

  1. Understand it is instruction-only — nothing is installed, but the agent may execute those commands on your machine if allowed.
  2. Ask the skill author to declare required binaries, config paths, and exactly which credentials (gateway token, NVIDIA API key) are needed and how they will be used.
  3. If you enable it, prefer manual invocation or run the agent in a restricted/sandboxed environment; back up ~/.openclaw first.
  4. If you don't want the agent to modify files, deny it write access to the OpenClaw workspace and only allow read-only operations or use the official OpenClaw API with explicit auth.
  5. If you need higher assurance, request the skill add checks to avoid concurrent writes (file locking) and explicit prompts before editing configs or restarting services.

Like a lobster shell, security has layers — review code before you run it.

latest vk97d6w2faehtm8pdsq2j8zx2p585jekr
45 downloads
0 stars
1 version
Updated 2d ago
v1.0.0
MIT-0

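Hermes + OpenClaw Collaboration

Environment

  • OpenClaw: /usr/local/bin/openclaw (v2026.4.15)
  • Config: ~/.openclaw/openclaw.json
  • Workspace: ~/.openclaw/workspace/
  • Gateway: port 18789 (loopback), token authentication
  • Available models: minimax-m2.5 (primary), z-ai/glm5, gemma-3-27b-it
  • NVIDIA API: integrate.api.nvidia.com/v1

Three collaboration methods

1. Shared memory

Hermes reads and writes the memory files in the OpenClaw workspace directory directly.

  • When Hermes writes, it appends a [Hermes] marker to the end of the entry
  • Avoid writing the same file at the same time: Hermes writes projects/ and decisions/, OpenClaw writes the daily logs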
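
One way to enforce the write split and the marker described above, with the file locking the skill lists as not yet done. This is an added example, not code from the skill or from OpenClaw; `append_entry`, `HERMES_DIRS`, the one-entry-per-line format and the 0600 file mode are assumptions made for the illustration.

```python
import fcntl
import os
import tempfile
from pathlib import Path

# Assumption: Hermes may write only under these workspace subdirectories
# (the split the page describes); everything else is left to OpenClaw.
HERMES_DIRS = ("projects", "decisions")
MARKER = "[Hermes]"


def append_entry(workspace, rel_path, text):
    """Append one marked entry under an exclusive advisory lock."""
    root = Path(workspace).resolve()
    target = (root / rel_path).resolve()
    # Reject paths (including symlinks) that resolve outside the workspace.
    rel = target.relative_to(root)  # raises ValueError on escape
    if not rel.parts or rel.parts[0] not in HERMES_DIRS:
        raise PermissionError(f"{rel} is outside {HERMES_DIRS}")
    target.parent.mkdir(parents=True, exist_ok=True)
    # Assumption: one entry per line, so embedded newlines are collapsed.
    line = " ".join(text.split()) + " " + MARKER + "\n"
    # O_APPEND keeps the write at end-of-file; flock serialises cooperating writers.
    fd = os.open(target, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX)
        os.write(fd, line.encode("utf-8"))
        os.fsync(fd)
    finally:
        fcntl.flock(fd, fcntl.LOCK_UN)
        os.close(fd)
    return target


def demo():
    """Run against a throwaway directory standing in for ~/.openclaw/workspace."""
    with tempfile.TemporaryDirectory() as ws:
        path = append_entry(ws, "projects/notes.md", "chose minimax-m2.5\nas primary")
        append_entry(ws, "projects/notes.md", "second entry")
        try:
            append_entry(ws, "../openclaw.json", "x")  # config file, not memory
            escaped = True
        except (ValueError, PermissionError):
            escaped = False
        return path.read_text(encoding="utf-8").splitlines(), escaped
```

The lock is advisory: it prevents interleaved writes only if every other writer to the same file also takes `flock` on it.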

2. Mutual API calls

# Dispatch a task to OpenClaw
openclaw agent --agent main --message "任务描述" --json --timeout 60
# Specify an agent
openclaw agent --agent glm5 --message "任务" --json --timeout 60
# Deliver the reply to a channel
openclaw agent --agent main --message "任务" --deliver --reply-channel feishu
# Local mode
openclaw agent --local --agent main --message "任务" --json --timeout 30

Note: the agent command may hang on a model timeout; prefer minimax-m2.5 and set a reasonable timeout
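
A wrapper for the first command above that cannot hang the caller and never passes the task text through a shell. This is an added example, not code from the skill; `run_agent`, `grace`, `base_cmd` and the status strings are hypothetical names, and it assumes that `--json` prints a single JSON document on stdout.

```python
import json
import os
import signal
import subprocess

OPENCLAW = ("/usr/local/bin/openclaw",)  # path from the page's environment list


def run_agent(message, agent="main", timeout=60, grace=10, base_cmd=OPENCLAW):
    """Run `openclaw agent ... --json` with a hard wall-clock limit.

    Returns (status, payload); status is "ok", "timeout", "failed" or "bad-json".
    """
    # argv list, no shell: the task text is one argument, never shell syntax.
    argv = [*base_cmd, "agent", "--agent", agent, "--message", message,
            "--json", "--timeout", str(timeout)]
    # Own session, so a hung CLI and any children can be killed as one group.
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                            stdin=subprocess.DEVNULL, text=True,
                            start_new_session=True)
    try:
        # The CLI's own --timeout may not fire if the model stalls, so the
        # caller enforces timeout + grace seconds on top of it.
        out, err = proc.communicate(timeout=timeout + grace)
    except subprocess.TimeoutExpired:
        try:
            os.killpg(proc.pid, signal.SIGKILL)
        except ProcessLookupError:
            pass  # exited between the timeout and the kill
        proc.communicate()  # reap the process and close the pipes
        return "timeout", None
    if proc.returncode != 0:
        return "failed", err.strip()
    try:
        # Assumption: with --json the CLI prints one JSON document on stdout.
        return "ok", json.loads(out)
    except json.JSONDecodeError:
        return "bad-json", out
```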

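3. Task division

  • Dameng database/SQL → Hermes (has a dedicated skill)
  • Feishu message handling → OpenClaw (native integration)
  • Quick Q&A → Hermes (faster response)
  • Deep reasoning → OpenClaw (adjustable thinking level)
  • Writing code/organizing files → either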

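Config repair pitfalls

  1. Typo: includeDefaultMemor → includeDefaultMemory
  2. Invalid key: memory.flush is not a valid config option (left over from an old version) and must be deleted
  3. Fix: edit the json file directly, or run openclaw doctor --fix (may hang)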

NVIDIA API model ID format

  • OpenClaw config uses: nvidia/z-ai/glm5 (with provider prefix)
  • NVIDIA API actually uses: z-ai/glm5 (no provider prefix)
  • Use the unprefixed version when calling the API

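GLM5 timeout problem

  • GLM5 times out frequently on the NVIDIA API (idle watchdog triggers)
  • Symptom: the agent command does not respond, and err.log reports timeout from=nvidia/z-ai/glm5
  • This was the root cause of the earlier stalls
  • Fix: prefer minimax-m2.5 as the primary model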

Gateway operations

  • Check that it is up: visit localhost:18789/health
  • Find the process: ps aux | grep openclaw-gateway
  • Check the error log: tail ~/.openclaw/logs/gateway.err.log
  • Restart: kill the old process, then openclaw gateway --port 18789

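To be improved

  • WebSocket persistent connection for real-time communication
  • Python wrapper script to simplify agent calls
  • File locking or write coordination to avoid conflicts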
