Ocean Desk

VirusTotal audit pending.

Overview

No VirusTotal analysis has been recorded yet. File reputation checks will appear here once the artifact hash has been scanned.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Real customer details or conversation summaries could be routed through the default public OceanBus environment, and any agent that can address the desk OpenID may be able to inject tickets if additional controls are not implemented elsewhere.

Why it was flagged

The documented inter-agent flow sends customer context to Ocean Desk over OceanBus, and the default endpoint is a public test server unless configured otherwise. The artifacts do not clearly show an allowlist or origin validation for which brand agents may create tickets.

Skill content

OCEANBUS_BASE_URL ... Defaults to public test server ... Brand Agent ... sends ocean-thread/v1 create to ocean-desk ... "customer_name" ... "ai_summary"

Recommendation

Before production use, configure a trusted OCEANBUS_BASE_URL, require/verify authorized brand-agent OpenIDs, validate message origin and protocol fields, and minimize customer data included in escalation payloads.

What this means

Customer-service history and AI-provided context will be retained locally and may influence human operators who review tickets.

Why it was flagged

Ticket records persist customer profiles, AI summaries, recommended actions, and conversation logs in a local JSON file.

Skill content

const TICKETS_FILE = path.join(DATA_DIR, 'tickets.json'); ... context: { customer_profile: src.customer_profile || {}, ai_summary: src.ai_summary || '', recommended_actions: src.recommended_actions || [], conversation_log: src.conversation_log || [] }

Recommendation

Use appropriate file protections, define retention/deletion procedures, and treat AI summaries or recommended actions as untrusted context that should be verified by staff.

What this means

Anyone who can read the local credentials file may be able to act as the Ocean Desk identity on OceanBus.

Why it was flagged

Setup registers an OceanBus identity and stores its API key locally for the desk.

Skill content

const CRED_FILE = path.join(DATA_DIR, 'credentials.json'); ... fs.writeFileSync(CRED_FILE, JSON.stringify({ agent_id: agentId, api_key: apiKey, openid, created_at: new Date().toISOString() }, null, 2));

Recommendation

Restrict access to ~/.oceanbus-desk, avoid sharing the credentials file, rotate the OceanBus API key if exposed, and remove the file when decommissioning the desk.

What this means

A mistaken or premature send command could deliver an incorrect customer-facing response.

Why it was flagged

The CLI can send replies back through the brand agent to customers; the workflow does call out human confirmation before sending.

Skill content

→ Draft reply: draft / template use → [Human confirmation] Send: send → ocean-thread/v1 reply → Brand Agent → Customer

Recommendation

Require explicit human review before running send, and consider adding an interactive confirmation or approval gate for production desks.

What this means

Future dependency updates could change runtime behavior after npm install.

Why it was flagged

The skill relies on an npm dependency with a semver range rather than a pinned exact version.

Skill content

"dependencies": { "oceanbus": "^0.4.0" }

Recommendation

Use a lockfile or pin/audit dependencies before deploying the desk in a production customer-service environment.

What this means

The desk may keep accepting new tickets while the listener process is running.

Why it was flagged

The listener is a long-running process that continuously watches for new work, which is expected for a help desk but should be explicitly managed.

Skill content

node scripts/desk.js listen ... # Start real-time listening (keep running)

Recommendation

Run the listener only in the intended environment, monitor it, and stop it when the desk should not accept new tickets.