Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

taichi

v2.1.0

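A Taichi-architecture multi-agent collaboration framework that supports three execution modes: centralized, distributed, and meta-hybrid. Built on a Redis message bus, it implements a four-stage workflow of Planner/Drafter/Validator/Dispatcher.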

by Indivisible @indivisible2025
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (multi-agent orchestration using Redis) match the shipped code and SKILL.md: orchestrator, CentralizedBus/DistributedBus, Agent classes, Worker implementations, configs and a skill manifest are present. There are no unrelated credentials, binaries, or external downloads requested. One minor inconsistency: registry metadata listed this as 'instruction-only' but the package includes full source and install scripts (not a security problem by itself, but worth noticing).
Instruction Scope
SKILL.md instructs running the framework in a venv and requires Redis — that's coherent. However the framework's SkillExecutor executes commands via asyncio.create_subprocess_shell with naive template substitution (string replace) and only a first-word whitelist check. Because commands are executed through the shell, poorly configured skill manifests or untrusted task parameters could enable shell injection or arbitrary command execution. The runtime also reads permission files and YAML manifests from the package; verify those before use.
Install Mechanism
No network download install spec in registry; code includes local install.sh and venv-based installation that will pip-install pinned requirements.txt. No remote archive downloads or obscure URLs present in the provided files.
Credentials
The package does not require external credentials or environment variables in registry metadata. It expects a reachable Redis instance and local venv — which is proportional to a Redis-based orchestration framework. Note: if your Redis requires authentication you will need to supply credentials in config; the skill does not itself request cloud/secret env vars.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges or modify other skills. It persists runtime state to a local workspace and SQLite DB (expected for orchestration) and can run autonomously (default), which is the platform norm.
Assessment
This package appears to be what it says: a Redis-based multi-agent orchestration framework. Before installing:
(1) review configs/configs/skills/manifest.yaml and configs/communication.yaml to ensure allowed_commands and permission rules are strict;
(2) inspect install.sh and start.sh and run them in an isolated environment or container (do not run as root);
(3) secure Redis (bind to localhost or require AUTH) to avoid exposing the message bus;
(4) be aware that tasks can cause the framework to run shell commands: template substitution is simple string replacement and commands are executed via the shell, so untrusted task input or a lax skill manifest can lead to command injection or arbitrary command execution;
(5) if you will accept tasks from external/untrusted sources, harden the allowed_commands whitelist and/or use non-shell executors.
If you want a more thorough risk assessment, provide the contents of configs/skills/manifest.yaml and configs/communication.yaml and the orchestrator invocation options.

Like a lobster shell, security has layers — review code before you run it.

latestvk977ycqd27z4ca876ak7vd3rf584b6hj
