Codex Hook
v1.0.2
OpenClaw intelligent task execution system: supports task dispatch, execution and monitoring (lite version)
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose (task dispatch / execute / monitor / auto-merge) matches the bundled scripts, which create worktrees, run codex inside tmux, push branches, create PRs, check CI and send notifications. However, the registry metadata declares no required environment variables or credentials even though the scripts clearly need GitHub auth, Telegram/webhook tokens and other tooling. That gap is an inconsistency: Git/PR automation legitimately needs credentials, and the package should declare them.
Instruction Scope
SKILL.md and the scripts instruct the agent to read and write files under $HOME and /tmp (project directories, ~/.openclaw/.env, /tmp/codex-results, /tmp/codex-tasks), create worktrees or copy project files, run codex/acpx in full-auto mode, run git push and gh pr create/merge, start tmux sessions, and POST notifications to external endpoints. Those actions are coherent for an automation skill, but they give it broad access to local repositories, local memory/context files and any configured external endpoints (Telegram/Discord/webhook). SKILL.md even suggests exporting every variable in ~/.openclaw/.env, which would put all secrets in that file into the skill's process environment; the instructions therefore permit reading and transmitting potentially sensitive data.
Install Mechanism
There is no install spec (the registry entry is instruction-only), so nothing is pulled from arbitrary URLs at install time. The package does, however, ship several executable shell scripts that are placed on disk when the skill is installed. The missing install step reduces installer risk, but the shipped scripts run on the host whenever they are invoked.
Credentials
Registry metadata lists no required env vars or primary credential, but the scripts reference and expect many environment values and tools: GITHUB_TOKEN (or gh auth), TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, DISCORD_WEBHOOK, WEBHOOK_URL, CODEX_DIR/CODEX_RESULT_DIR and others. The skill also expects external CLIs (codex, acpx, gh, tmux, jq, git, curl). Declaring no credentials while the scripts read ~/.openclaw/.env and use these tokens at runtime is a discrepancy, and it raises the risk of silent exposure or misconfiguration.
Persistence & Privilege
`always` is false, and the skill does not request to modify other skills or the global agent configuration. It reads and writes its own files under ~/.openclaw/skills and /tmp and creates worktrees in user directories, which is normal for this kind of tool. Autonomous invocation is allowed by default (not a flag on its own), but combined with the environment and credential concerns above it increases the blast radius.
What to consider before installing
Before installing or enabling this skill, consider:

1. It will operate on your local repositories (create worktrees, push branches, create and merge PRs). Use it only against repositories you trust, with a GitHub token scoped to the minimum privileges needed.
2. The package does not declare required environment variables in its metadata, yet its scripts expect TELEGRAM_BOT_TOKEN/TELEGRAM_CHAT_ID, DISCORD_WEBHOOK/WEBHOOK_URL, GITHUB_TOKEN (or gh auth), the Codex agent tooling and more. Treat this as a configuration gap: supply secrets deliberately rather than by blindly sourcing ~/.openclaw/.env.
3. The skill runs external CLIs (codex, acpx, gh, tmux, jq, curl, git) and may run codex in full-auto mode inside a worktree. Run it first in a disposable environment (a throwaway repository or VM) and observe what it does.
4. Inspect notify.sh and auto-merge.sh (they use curl and gh to send data and merge PRs) so you know exactly what is transmitted to the configured endpoints.
5. If you do use it, grant least-privilege tokens (a narrow-scope GitHub token, a dedicated Telegram bot and chat), keep high-value secrets out of ~/.openclaw/.env, and consider running it under an account with limited repository permissions. Ask the author to list the required env vars in the metadata and to document minimal token scopes and the exact outbound endpoints.
## Core scripts

| Script | Function | Status |
|---|---|---|
| task-execute.sh | Single-task dispatch (recommended) | ✅ |
| codex-tasks.sh | Task management entry point | ✅ |
| task-registry.sh | Task registry | ✅ |
| task-monitor.sh | Task monitoring | ✅ |
| notify.sh | Notification system | ✅ |
| auto-merge.sh | Auto-merge | ✅ |
| codex-progress-reporter.sh | Progress reporting | ✅ |
| task-dispatcher.sh | Task dispatcher (advanced) | ⚠️ optional |
## Worktree management strategy

Reuse logic:

- Related tasks (same project) → reuse the existing worktree
- Independent tasks → create a new worktree

Merge commands:

```bash
# 1. Commit inside the worktree
git add .
git commit -m "feat: description"
# 2. Push the branch
git push -u origin <branch>
# 3. Create a PR (manually or with gh)
```
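The reuse rule above ("related tasks share a worktree, independent tasks get a new one") written out as a function. This is an added example, not code from codex-hook: the `task/<key>` branch naming, the `BASE_DIR/<key>` layout and the function names are assumptions for illustration, and the repository it runs against is a throwaway one constructed in a temp directory.

```bash
#!/usr/bin/env bash
# Added example (not part of codex-hook): the worktree reuse rule described
# above, as a function. Related tasks share a project key and therefore a
# worktree; an unknown key gets a fresh worktree on a new branch. Paths and
# branch naming are assumptions for illustration, not the skill's own layout.
set -u

# find_or_create_worktree REPO KEY BASE_DIR
# Prints the worktree path for KEY. Reuses it when git already lists
# BASE_DIR/KEY as a worktree of REPO; otherwise creates it on branch task/KEY.
find_or_create_worktree() {
  local repo="$1" key="$2" base="$3" path
  mkdir -p "$base"
  base="$(cd "$base" && pwd -P)"       # git prints canonical absolute paths
  path="$base/$key"
  if git -C "$repo" worktree list --porcelain | grep -qxF "worktree $path"; then
    echo "$path"                       # related task: reuse
    return 0
  fi
  git -C "$repo" worktree add -q -b "task/$key" "$path" >/dev/null
  echo "$path"                         # independent task: new worktree
}

# count_worktrees REPO: number of worktrees git knows about (main tree included).
count_worktrees() {
  git -C "$1" worktree list --porcelain | grep -c '^worktree '
}

# demo_worktrees: constructed throwaway repo; two related tasks share one
# worktree, a third independent task gets its own. Prints "reused <total>".
demo_worktrees() {
  local tmp repo base a b c total
  tmp="$(mktemp -d)"
  repo="$tmp/repo"; base="$tmp/worktrees"
  git -c init.defaultBranch=main init -q "$repo"
  git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
    commit -q --allow-empty -m "init"
  a="$(find_or_create_worktree "$repo" login-api "$base")"
  b="$(find_or_create_worktree "$repo" login-api "$base")"   # same key: reused
  c="$(find_or_create_worktree "$repo" billing "$base")"     # new key: new worktree
  total="$(count_worktrees "$repo")"
  rm -rf "$tmp"
  [ "$a" = "$b" ] && [ "$a" != "$c" ] && echo "reused $total"
}

demo_worktrees   # prints: reused 3
```

The lookup uses `git worktree list --porcelain` rather than a directory-exists test, so a stale directory left behind after `git worktree remove` is not mistaken for a live worktree.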
## Architecture

```
OpenClaw (orchestration layer)  →  codex-hook (execution layer)
        ↓                                  ↓
  split the task                    parallel execution
        ↓                                  ↓
  subtask list                      tmux isolation
        ↓                                  ↓
  call codex-hook                   monitoring + intervention
                                           ↓
                                    auto-merge
```
## Dependencies

- `bash` - runs the scripts
- `jq` - JSON processing
- `tmux` - task isolation (optional)
- `gh` - GitHub CLI (required for auto-merge)
- `codex` - Codex CLI
- `curl` - sends notifications
## Installation

The scripts are already located at `~/.openclaw/skills/codex-hook/scripts/`.

Add an alias to your shell configuration:

```bash
# ~/.zshrc or ~/.bashrc
alias codex-tasks='bash ~/.openclaw/skills/codex-hook/scripts/codex-tasks.sh'
```

## Quick start

```bash
# 1. Initialize
codex-tasks init
# 2. Execute tasks (called by OpenClaw after it has split the work)
codex-tasks execute parent-login '[{"name":"Backend API","description":"Implement the login API"},{"name":"Frontend","description":"Implement the login page"}]'
# 3. Check status
codex-tasks status
```
## Core files

```
~/.openclaw/skills/codex-hook/scripts/
├── codex-tasks.sh        # unified entry point
├── task-registry.sh      # task registry
├── task-dispatcher.sh    # task dispatcher
├── auto-merge.sh         # automatic PR creation, CI checks, merge
├── task-monitor.sh       # task monitoring
└── task-splitter.sh      # task splitting (reserved)
```
## Command reference

| Command | Alias | Description | Example |
|---|---|---|---|
| init | i | Initialize the task system | codex-tasks init |
| execute | run | Receive subtasks and execute them | execute p1 '[{"name":"API"}]' |
| add-subtask | add | Add a single subtask | add p1 "API" "Implement login" |
| start | - | Start all subtasks | start p1 |
| status | list | View status | status / status task-xxx |
| monitor | watch | Real-time monitoring panel | monitor |
| check | - | One-shot task status check | check |
| intervene | send | Intervene in a task | intervene t-xxx "message" |
| stop | kill | Stop a task | stop t-xxx |
| logs | log | View logs | logs t-xxx |
| auto-merge | merge | Auto-merge the PR | auto-merge t-xxx |
| report | - | Report completion | report t-xxx |
| cleanup | clean | Clean up completed tasks | cleanup 10 |
## Workflow

### 1. OpenClaw splits the task

OpenClaw analyses the requirement and splits it into a list of subtasks:

```json
[
  {"name": "Backend API development", "description": "Implement the user login API"},
  {"name": "Frontend page", "description": "Implement the login page"},
  {"name": "Unit tests", "description": "Write login-related tests"}
]
```

### 2. Call codex-hook to execute

```bash
# Option 1: receive all subtasks at once
codex-tasks execute <parent_id> '<subtask JSON>' [workspace]
# Option 2: add subtasks one by one
codex-tasks add-subtask <parent_id> "task name" "description"
codex-tasks add-subtask <parent_id> "task name 2" "description 2"
codex-tasks start <parent_id> [workspace]
```

### 3. Monitoring and intervention

```bash
# View all tasks
codex-tasks status
# Real-time monitoring
codex-tasks monitor
# Intervene in a task (sends a message to its tmux session)
codex-tasks intervene <task_id> "Stop, do X first"
# Stop a task
codex-tasks stop <task_id>
# View logs
codex-tasks logs <task_id>
```

### 4. Auto-merge and reporting

```bash
# Auto-merge the PR (CI checks → code review → merge)
codex-tasks auto-merge <task_id> [repo]
# Report completion
codex-tasks report <task_id> [telegram]
# Clean up completed tasks
codex-tasks cleanup [number to keep]
```
## Task registry

- Location: `/tmp/codex-tasks/active-tasks.json`
- Contains: the state of every task, subtask relationships, logs

```bash
# Dump the raw JSON
codex-tasks json
# Clean up completed tasks
codex-tasks cleanup 10
```

## Viewing task output

```bash
# Task directory
ls /tmp/codex-results/tasks/<task_id>/
# Execution log
cat /tmp/codex-results/tasks/<task_id>/output.log
# Task prompt
cat /tmp/codex-results/tasks/<task_id>/prompt.txt
```
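Both the registry (`/tmp/codex-tasks`) and the task output (`/tmp/codex-results`, including each task's prompt and log) live at fixed, predictable paths in a shared, world-writable directory. On a multi-user host another local account can pre-create those paths, or plant a symlink there, before the skill runs. The function below is an added example, not part of codex-hook, of creating such state directories defensively: it refuses symlinks and directories owned by someone else, and creates missing ones as mode 0700 from the start. The base directory is a parameter (an assumption, so the demo can run in a temp dir instead of `/tmp`); `ensure_private_dir` and `codex_hook_state_dirs` are illustrative names.

```bash
#!/usr/bin/env bash
# Added example (not part of codex-hook): create the skill's state directories
# under a shared /tmp safely. codex-hook keeps its registry in
# /tmp/codex-tasks and task output (logs and prompts) in /tmp/codex-results;
# both are fixed, predictable paths in a world-writable directory, so another
# local user could pre-create them, or plant a symlink there, before the skill
# runs. The base directory is a parameter so the demo below can use a temp dir.
set -u

# ensure_private_dir PATH
# Creates PATH with mode 0700 if absent; if it already exists, refuses to use it
# unless it is a real directory (not a symlink) owned by the current user.
ensure_private_dir() {
  local dir="$1"
  if [ -L "$dir" ]; then
    echo "refusing $dir: it is a symlink" >&2
    return 1
  fi
  if [ -e "$dir" ]; then
    if [ ! -d "$dir" ]; then
      echo "refusing $dir: not a directory" >&2; return 1
    fi
    if [ ! -O "$dir" ]; then
      echo "refusing $dir: owned by another user" >&2; return 1
    fi
  else
    # The umask makes mkdir create the directory as 0700 directly, so there is
    # no window in which it exists with wider permissions. mkdir without -p
    # fails if someone races us and creates the path first.
    (umask 077 && mkdir "$dir") || return 1
  fi
  chmod 700 "$dir"
}

# codex_hook_state_dirs BASE
# Prepares BASE/codex-tasks and BASE/codex-results/tasks (the README's layout,
# rooted at BASE instead of /tmp). Prints "ok" when all are usable.
codex_hook_state_dirs() {
  local base="$1"
  ensure_private_dir "$base/codex-tasks" || return 1
  ensure_private_dir "$base/codex-results" || return 1
  ensure_private_dir "$base/codex-results/tasks" || return 1
  echo ok
}

# demo_state_dirs: a planted symlink is rejected first, then a clean base works.
demo_state_dirs() {
  local base first second
  base="$(mktemp -d)"
  ln -s /etc "$base/codex-tasks"                  # constructed attacker symlink
  first="$(codex_hook_state_dirs "$base" 2>/dev/null || echo rejected)"
  rm "$base/codex-tasks"                          # removes the link, not /etc
  second="$(codex_hook_state_dirs "$base" 2>/dev/null || echo rejected)"
  rm -rf "$base"
  echo "$first $second"
}

demo_state_dirs   # prints: rejected ok
```

On a single-user laptop the checks cost nothing; on a shared CI or jump host they are the difference between the agent's prompts and logs being private and being readable or writable by everyone on the box.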
## Monitoring setup (optional)

```bash
# Option 1: load environment variables, then start the monitor
export $(cat ~/.openclaw/.env | xargs) && codex-tasks monitor-start 60 &
# Option 2: specify the interval directly
codex-tasks monitor-start 60 &
```

Note: the notification environment variables must be configured before progress and completion notifications are delivered. Option 1 puts every variable in ~/.openclaw/.env into the monitor's environment, not only the notification settings, so keep unrelated secrets out of that file.
## OpenClaw integration example

Using it from OpenClaw:

```
You: Implement the user login feature
OpenClaw (splits the work):
→ analyses the requirement and splits it into subtasks
→ calls codex-hook to execute them
→ monitors task status
→ auto-merges the PRs
→ reports completion
```
## Notification configuration

### Option 1: environment file

The recommended approach is to write the configuration to ~/.openclaw/.env:

```bash
# ~/.openclaw/.env
TELEGRAM_BOT_TOKEN="your-bot-token"
TELEGRAM_CHAT_ID="your-chat-id"
TELEGRAM_TOPIC_ID="123456" # optional, forum topic ID
DISCORD_WEBHOOK="https://discord.com/api/webhooks/xxx"
WEBHOOK_URL="https://your-webhook.com/hook"
DEFAULT_CHANNEL="telegram"
```

Load it when starting the monitor:

```bash
export $(cat ~/.openclaw/.env | xargs) && codex-tasks monitor-start
```

Caveat: this one-liner fails as soon as a line carries a trailing `# comment`, such as the TELEGRAM_TOPIC_ID line above. `xargs` splits the comment into words, `export` receives `#` and the words after it as arguments and rejects them as invalid identifiers, and because `export` then exits non-zero the `&&` skips `codex-tasks monitor-start`. Either keep the file to bare KEY=VALUE lines or export the variables individually as in Option 2.

### Option 2: environment variables

```bash
# Telegram (user / group / topic)
export TELEGRAM_BOT_TOKEN="your-bot-token"
export TELEGRAM_CHAT_ID="your-chat-id"
export TELEGRAM_TOPIC_ID="123456" # optional, forum topic ID
# Discord
export DISCORD_WEBHOOK="https://discord.com/api/webhooks/xxx"
# Generic webhook
export WEBHOOK_URL="https://your-webhook.com/hook"
# Default channel
export DEFAULT_CHANNEL="telegram"
```
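A middle ground between the two options, added here as an example and not part of codex-hook: read ~/.openclaw/.env like Option 1, but parse it properly (blank lines, comments and quotes) and export only the variables the notifications need, so that other secrets stored in the same file stay out of the monitor's environment. The allow-list is taken from the variable names in this README; the function names and the sample file contents are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example (not part of codex-hook): load only the notification variables
# the skill needs from an OpenClaw-style .env file, instead of
# `export $(cat ~/.openclaw/.env | xargs)`, which exports every key in the file
# and fails on lines with a trailing "# comment". The variable names and the
# sample file content are assumptions taken from the README above.
set -u

# Keys codex-hook's notifications use, per the README. Anything else in the
# .env file (an unrelated API key, for example) never reaches the environment.
CODEX_HOOK_ALLOWED_VARS="TELEGRAM_BOT_TOKEN TELEGRAM_CHAT_ID TELEGRAM_TOPIC_ID DISCORD_WEBHOOK WEBHOOK_URL DEFAULT_CHANNEL"

# load_env_allowlist FILE
# Reads KEY=VALUE lines, skipping blank lines and full-line comments, removing a
# trailing "# ..." comment and one layer of matching quotes, and exports only
# allow-listed keys. Sets ENV_ALLOWLIST_EXPORTED to the number of keys exported.
load_env_allowlist() {
  local file="$1" line key value
  ENV_ALLOWLIST_EXPORTED=0
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
  while IFS= read -r line || [ -n "$line" ]; do
    line="${line#"${line%%[![:space:]]*}"}"   # trim leading whitespace
    line="${line#export }"                     # tolerate "export KEY=VALUE"
    case "$line" in ''|'#'*) continue ;; esac  # blank or comment line
    case "$line" in *=*) ;; *) continue ;; esac
    key="${line%%=*}"
    value="${line#*=}"
    # Only valid shell identifiers may be exported; a stray "#" token is what
    # breaks the xargs one-liner.
    case "$key" in *[!A-Za-z0-9_]*|[0-9]*|'') continue ;; esac
    case "$value" in
      \"*\"*) value="${value#\"}"; value="${value%%\"*}" ;;   # "quoted" [# comment]
      \'*\'*) value="${value#\'}"; value="${value%%\'*}" ;;   # 'quoted' [# comment]
      *) value="${value%%#*}"; value="${value%"${value##*[![:space:]]}"}" ;;  # bare value
    esac
    case " $CODEX_HOOK_ALLOWED_VARS " in
      *" $key "*) export "$key=$value"; ENV_ALLOWLIST_EXPORTED=$((ENV_ALLOWLIST_EXPORTED + 1)) ;;
      *) echo "skipping key not on the allow-list: $key" >&2 ;;
    esac
  done < "$file"
  return 0
}

# demo_load: runs the loader on a constructed .env (not a real secrets file)
# and reports what ended up in the environment.
demo_load() {
  local tmp
  unset -v TELEGRAM_TOPIC_ID UNRELATED_API_KEY
  tmp="$(mktemp)"
  cat > "$tmp" <<'EOF'
# constructed sample mirroring the README's ~/.openclaw/.env
TELEGRAM_BOT_TOKEN="your-bot-token"
TELEGRAM_CHAT_ID="your-chat-id"
TELEGRAM_TOPIC_ID="123456" # optional, forum topic ID
WEBHOOK_URL=https://your-webhook.com/hook
UNRELATED_API_KEY="sk-unrelated-high-value-secret"
EOF
  load_env_allowlist "$tmp" 2>/dev/null
  rm -f "$tmp"
  printf 'exported=%s topic=%s unrelated=%s\n' \
    "$ENV_ALLOWLIST_EXPORTED" "${TELEGRAM_TOPIC_ID-unset}" "${UNRELATED_API_KEY-unset}"
}

demo_load   # prints: exported=4 topic=123456 unrelated=unset
```

Source the file containing these functions and call `load_env_allowlist ~/.openclaw/.env` before `codex-tasks monitor-start`; the commented TELEGRAM_TOPIC_ID line parses cleanly, and the unrelated key is reported on stderr and never exported.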
## Notification types

| Event | Notification content |
|---|---|
| Task started | task ID, name, time |
| Progress update | progress bar (0-100%), current status |
| Task completed | task ID, name, PR link, time |
| Task failed | task ID, name, error message |
| Manual intervention | the intervention message |
## Quick test

```bash
# Test sending a message
bash notify.sh send telegram "Hello"
# Test the progress bar
bash notify.sh bar 50 "Processing..."
```
## tmux unavailable

```
⚠️ tmux unavailable, falling back to background execution
```

- Fix: install tmux

```bash
brew install tmux
```

## codex command not found

- Fix: make sure codex is installed and on your PATH

## gh command not found (auto-merge)

- Fix: install the GitHub CLI

```bash
brew install gh
```

## Telegram notifications not working

- Configure the environment variables:

```bash
export TELEGRAM_BOT_TOKEN="your-bot-token"
export TELEGRAM_CHAT_ID="your-chat-id"
```