ClawHub

Agent Builder

v1.1.0

Build high-performing, secure OpenClaw agents and multi-agent teams end-to-end. Generates required OpenClaw workspace files (SOUL.md, IDENTITY.md, AGENTS.md,...

0· 253·0 current·0 all-time
by@ollieb89·fork of @plgonzalezrx8/agent-builder (1.0.0)
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the provided artifacts: SKILL.md describes generating workspace files and the repo contains templates plus two helper scripts (scaffold + validate). There are no unrelated credentials, binaries, or external services requested.
Instruction Scope
SKILL.md stays focused on interviewing the user and producing workspace files and tests. It does instruct persistence of user-confirmed 'memory' (e.g., 'If the user says “remember this”, persist it'), which is appropriate for a memory workflow but requires explicit user consent and careful handling of sensitive data. Otherwise, instructions do not ask the agent to read unrelated system files or exfiltrate data.
Install Mechanism
No install spec is provided (instruction-only). The included scripts are small, deterministic, and local-only: scaffold-workspace.sh writes files into a target directory; validate-workspace.py runs static checks. No network downloads or remote code execution are present.
Credentials
The skill declares no required environment variables, credentials, or config paths. The instructions explicitly advise not to store secrets in the workspace. The scope of requested access (writing a workspace in a target directory) is proportionate to the skill's purpose.
Persistence & Privilege
Skill is not marked always:true and uses normal autonomous invocation defaults. It does write files to the filesystem when scaffolding a workspace, which is expected behavior for a scaffold utility and is limited to the specified target directory.
Assessment
This skill appears to do what it says: scaffold an OpenClaw agent workspace and validate it. Before running: (1) inspect the scaffold script and validator (they are small and local but will create files/directories where you run them); (2) run the scaffold in an isolated or empty directory (or pass a target dir) to avoid accidental overwrites; (3) never place secrets into the generated workspace — follow the skill's own advice to keep credentials under a secure config path; (4) be aware the workflow can persist user-provided 'memory' if you tell it to — don't ask it to remember sensitive data; (5) run the provided validate-workspace.py to confirm guardrails are present. If you need higher assurance, request the publisher/source or review the full SKILL.md and scripts line-by-line before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk977dd05529jfgv7betvamcdbx82b6ny
253downloads
0stars
1versions
Updated 1mo ago
v1.1.0
MIT-0
@ollieb89
latest
Download

Omni-Agent Builder (OpenClaw)

Design and generate a complete OpenClaw agent workspace with robust defaults:

  • secure-by-default operating rules
  • optional multi-agent orchestration (Planner / Executor / Critic)
  • Personal Intelligence (Pi) memory workflow (MEMORY.md + daily logs)
  • evaluation + acceptance tests
  • CLI notes for fast local iteration

Canonical references (read these first)

  1. Workspace layout + bootstrap file load order + heartbeat rules: references/openclaw-workspace.md
  2. File templates/snippets: references/templates.md
  3. Background (agent architecture: planning / memory / tool use): references/architecture.md

Default outputs (workspace files)

Minimum viable workspace (always generate):

  • AGENTS.md (cross-cutting rules; sub-agents only get this + TOOLS.md by default)
  • SOUL.md
  • TOOLS.md
  • IDENTITY.md
  • USER.md
  • HEARTBEAT.md (usually empty to avoid token sink)
  • BOOTSTRAP.md (one-time ritual; delete after completion)

Optional (generate if requested or clearly beneficial):

  • MEMORY.md (curated long-term memory; private/main session only)
  • memory/YYYY-MM-DD.md (daily log seed)

Workflow: build a new agent/team from scratch

Phase 1 — Tight interview (clarifying questions)

Ask only what you need. Prefer 1–2 short rounds.

  1. Mission + autonomy

    • Mission (1 sentence)
    • Single agent or multi-agent orchestration?
    • Autonomy: Advisor / Operator / Autopilot

  2. Surfaces + boundaries

    • Channels: Telegram/WhatsApp/Discord/iMessage/Slack/etc.
    • Private DM only vs group channels?
    • “Ask before outbound messages” rule (default: ALWAYS ask)

  3. Tools + CLI usage

    • Must it run local openclaw CLI commands? Which quick aliases are desired?
    • Any repos/paths it should assume?

  4. Pi memory

    • Should it maintain curated MEMORY.md?
    • Categories: preferences, projects, people/orgs, “never do”, conventions, vocab
    • Privacy: what must never be stored?

  5. Bootstrapping ritual

    • Any first-run steps (connect channels, create folders, install deps)?

  6. Evaluation

    • What metrics define success?
    • 5–10 acceptance tests you want it to pass (we’ll propose defaults if none)

Phase 2 — Generate the workspace files

Generate the files listed above. Use the templates but tailor to the user’s answers.

Required global guardrails to include (at minimum):

  • Ask-before-destructive (prefer trash over rm; create backups; show diffs)
  • Ask-before-outbound (never send messages/emails/DMs/calls without explicit approval)
  • Stop-on-CLI-error (unknown flag/exit code → run --help, correct, retry)
  • No secrets in repo (credentials/config belong under ~/.openclaw/…, not the workspace)
  • Group etiquette (don’t claim to be the user; don’t leak private memory)
  • Loop breaker (max iterations; escalate to user with options)

Phase 3 — Orchestration (if multi-agent)

If multi-agent, define roles in AGENTS.md:

  • Planner

    • breaks tasks into steps
    • identifies risks + guardrails
    • defines acceptance tests

  • Executor

    • runs tools/edits files
    • maintains change log + rollback notes
    • stops on errors and recovers via --help / docs

  • Critic

    • reviews outputs for safety + completeness
    • checks for policy violations, overreach, and missing requirements
    • proposes fixes (minimal diffs)

Delegation contract (must be in AGENTS.md):

  • Context to pass: goal, constraints, definition of done, relevant workspace excerpts
  • Explicit do-nots: no destructive actions; no outbound messages; no secrets

Phase 4 — Pi memory workflow (recommended defaults)

  • Append raw notes to memory/YYYY-MM-DD.md (daily log; append-only)
  • Curate durable items into MEMORY.md (preferences, stable facts, conventions)
  • Only load/use MEMORY.md in main private session; avoid in group channels
  • If the user says “remember this”, persist it

Phase 5 — Evaluation + acceptance tests

Provide 5–10 short test prompts. Include at least:

  • Safety test (draft but do not send; ask before sending)
  • CLI recovery test (unknown flag → --help recovery)
  • Pi retention test (store + recall a preference correctly)
  • Orchestration test (delegate; show what context was passed)
  • Group chat etiquette test (avoid leaking private memory)

Workflow: iterate on an existing agent

  1. Identify the top failure modes (overreach, loops, verbosity, hallucinations, unsafe actions).
  2. Decide if changes belong in:
    • SOUL.md (tone/persona)
    • AGENTS.md (rules, delegation, memory workflow)
    • HEARTBEAT.md (keep tiny; avoid deep thinking)
    • TOOLS.md (environment notes + CLI aliases)
  3. Propose minimal diffs with rollback notes.
  4. Add/update acceptance tests.

Deliverable format

When you output a workspace:

  • Print each file with a heading and a fenced code block.
  • If generating a zip, include the complete directory tree and a short “how to install” section.

Comments

Loading comments...