ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Ops

v1.1.0

Agent session 运维工具。当需要检测和恢复 API 限速、回收死 session 的知识、在破坏性操作前自动快照、或监控 context 使用率时使用。不用于安装 hook 脚本(用 agent-hooks)或架构设计(用 harness-design-patterns)。

0· 100·0 current·0 all-time
by_silhouette@lanyasheng

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lanyasheng/agent-ops.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Agent Ops" (lanyasheng/agent-ops) from ClawHub.
Skill page: https://clawhub.ai/lanyasheng/agent-ops
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install agent-ops

ClawHub CLI

Package manager switcher

npx clawhub@latest install agent-ops
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (rate-limit recovery, stale-session scavenging, checkpoint/rollback, token budgeting, model fallback) aligns with the scripts and reference docs: they operate on tmux panes, transcripts, and session files. However the skill metadata lists no required binaries or environment variables while the instructions and scripts clearly rely on external tools (tmux, git, jq, cron/systemd for daemons). The missing declaration is a coherence/packaging omission.
!
Instruction Scope
Runtime instructions include scanning tmux panes and sending Enter keys into panes, creating git checkpoints via `git add -A` and `git stash create`, running a stale-session daemon that reads transcripts and writes scavenged artifacts. These actions are within the stated domain but have nontrivial risk: blind or mistaken keystrokes can confirm destructive prompts, `git add -A` temporarily changes index state, and daemon transcript analysis may read and persist sensitive session data. The skill does include some safety checks (e.g., grep for confirmation prompts before sending Enter), but those checks are regex-based and can miss edge cases.
Install Mechanism
No install spec (instruction-only plus two small files). This is lower risk from a code-install perspective because nothing is downloaded or executed outside the repository. Files are small and human-readable. There is no packaged installer that would fetch arbitrary remote code.
Credentials
The skill requests no credentials or env vars, which is appropriate. That said, it expects access to local session state under sessions/<session-id>/ and to system tools (tmux, git, jq). Those local filesystem and binary accesses are consistent with its purpose but should be explicitly declared so users can evaluate permissions and side effects.
Persistence & Privilege
The skill recommends running daemons or cron jobs and writes state to sessions/* (heartbeat, checkpoint, failure-tracker.json, scavenged files, PID/state files). It does not set always:true or require platform-level privileges, but it does request persistent local presence and will create/modify files under session directories; users should consider where those directories live and who can read them.
Scan Findings in Context
[uses-tmux-capture-and-send-keys] expected: Rate-limit recovery and session ops legitimately require inspecting tmux panes and optionally sending keys; the presence of tmux commands matches purpose but is potentially dangerous if misapplied.
[git-add-stash-create-apply] expected: Checkpoint/rollback implementation uses git to snapshot and restore repository state. This is expected for the stated pattern but has side effects (temporary index modification, possible stash application errors) that need caution.
[uses-jq-and-reads-transcripts] expected: Parsing transcript JSONL with jq is expected for token estimation and stale-session scavenging; it implies reading potentially sensitive session transcripts which will be processed and stored locally.
[daemon-cron-file-io] expected: The references describe running a background daemon or cron job and writing persistent state files (heartbeat, trackers, PID). This matches the 'daemon' functionality but increases persistence surface area.
What to consider before installing
This skill is coherent with its stated goal of managing agent sessions, but it assumes and performs actions you should review before installing. Before you proceed: - Inspect the scripts (context-usage.sh and the reference patterns) yourself. They are small and readable. - Ensure the environment where you run this has tmux, git, and jq installed; the package metadata should declare these but currently does not. Don't run it on a system lacking those tools or on production hosts without testing. - Understand side effects: the skill will read transcripts, write files to sessions/<session-id>/, create git checkpoints with `git add -A` (temporarily changing the index), and may apply stashes on rollback. Back up repositories or test in an isolated workspace. - Pay attention to the tmux recovery logic: although it checks pane contents before sending Enter, regex checks can miss prompts. Prefer manual recovery when sessions run destructive shells; consider limiting which sessions the daemon scans. - If you plan to enable a daemon/cron, control its user account and file permissions (sessions/ should be accessible only to the intended user) to avoid leaking transcripts or scavenged data. - Ask the publisher to update metadata: list required binaries (tmux, jq, git) and explicitly document the directories it writes to and the daemon behavior. If you are not comfortable with automatic keystrokes or automatic git operations, do not install or run these components.

Like a lobster shell, security has layers — review code before you run it.

latestvk9778pp00j95x0vnsgremgf9rd84bjmw
100downloads
0stars
2versions
Updated 3w ago
v1.1.0
MIT-0
_silhouette@lanyasheng
latest
Download

Agent Ops

Agent session 运维工具集。监控、恢复、保护运行中的 agent session。

When to Use

  • tmux 中的 agent 遇到 API 限速后挂死 → Rate Limit 恢复
  • Session 静默死亡,需要回收其知识 → Stale Session Daemon
  • Bash 命令可能造成不可逆破坏 → Checkpoint + Rollback
  • Context 快用完,需要预算管理 → Token Budget / Context 估算
  • 模型反复失败需要切换 → Auto Model Fallback

When NOT to Use

  • 安装 Stop/PreToolUse hook → 用 agent-hooks
  • 设计 agent 架构 → 用 harness-design-patterns

工具概览

工具类型功能详情
Rate Limit 恢复bash 脚本 / cron扫描 tmux pane 检测限速,自动发 Enter 恢复详情
Context 估算bash 脚本读 transcript 尾部 4KB 提取 token 使用率详情
Stale Session Daemondaemon / cronHeartbeat 检测 + 死 session 知识回收详情
Checkpoint + Rollbackhook 脚本PreToolUse git stash + PostToolUseFailure 自动回滚详情
Token Budgethook 脚本UserPromptSubmit 注入预算感知指令详情
Auto Model Fallbackhook 脚本3 次连续失败后升级 Haiku→Sonnet→Opus详情

Scripts

脚本用途
scripts/context-usage.sh <transcript>从 transcript JSONL 尾部估算 context 使用率

Session State

所有状态统一在 sessions/<session-id>/ 下。详见 session-state-layout.md

条件判断规则

  • 如果只有 1-2 个 session 在跑 → Rate Limit 恢复手动即可,不需要 daemon
  • 如果 session 预计 < 30 分钟 → 不需要 Stale Session Daemon
  • 如果没有破坏性 Bash 命令 → 不需要 Checkpoint
  • 如果不确定 context 够不够 → 先跑 context-usage.sh 检查再决定

Comments

Loading comments...