ClawHub

tang-agents

v1.0.1

Fault-tolerant multi-agent system for collaborative task execution with policy drafting, review, dispatch, parallel ministry actions, and comprehensive fault...

0· 48·0 current·0 all-time
by@jiubanszd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The package name/description match the included Python modules: agents for drafting, review, dispatch, and six ministries are implemented. No unrelated credentials, binaries, or config paths are requested. Minor note: requirements.txt lists 'asyncio' (part of the stdlib) and 'aiohttp' — aiohttp is plausible for async networking but the presence of asyncio on PyPI is unnecessary.
Instruction Scope
SKILL.md only instructs installing requirements and running the TangSystem example. It does not instruct reading unrelated files, environment variables, or sending data to unknown endpoints. The runtime instructions are scoped to running the local multi-agent flow.
Install Mechanism
There is no custom install spec; SKILL.md advises 'pip install -r requirements.txt' which pulls packages from PyPI. This is common but has moderate risk compared to a purely instruction-only skill because dependencies (aiohttp) will be installed from the public registry. The 'asyncio' entry is unnecessary and may be a packaging oversight.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The code shown does not access environment secrets or external auth tokens.
Persistence & Privilege
The skill is not forcibly persistent (always:false) and uses normal agent invocation. It does not request system-wide changes or modify other skills' configurations in the provided code.
Assessment
This skill appears internally consistent and implements the described local multi-agent framework. Before installing: (1) inspect the rest of tang_agents.py to confirm there are no hidden network calls, hardcoded endpoints, or code that sends data externally (the file provided in the package should be reviewed end-to-end); (2) verify whether aiohttp is actually used — if not, the requirements file can be tightened; (3) run the package in a sandboxed environment first (or in a virtualenv) to observe network activity and avoid side effects; (4) prefer pinned dependency versions from trusted sources, and be cautious about installing packages from PyPI in sensitive environments. If you want, I can scan the remaining portion of tang_agents.py for any network requests or suspicious patterns (HTTP requests, sockets, subprocess usage) and report back.

Like a lobster shell, security has layers — review code before you run it.

latestvk971xh9z9h0mhc4eek0np29gan83zjmh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments