ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

帝国架构 Empire Architecture

v1.5.0

基于中国古代三公九卿制的 AI 多智能体协作系统。 8 个核心 Agent 节点(丞相/三参谋/三曹/锦衣卫)+ 翰林院知识管理层(9 大学士)。 支持皇帝审批机制、知识审计、本地 RAG。纯 Python,零外部依赖。 A multi-agent AI collaboration system inspired...

0· 14·0 current·0 all-time
by@aaroncxxx

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for aaroncxxx/empire-architecture.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "帝国架构 Empire Architecture" (aaroncxxx/empire-architecture) from ClawHub.
Skill page: https://clawhub.ai/aaroncxxx/empire-architecture
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install aaroncxxx/empire-architecture

ClawHub CLI

Package manager switcher

npx clawhub@latest install empire-architecture
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description claim a pure-Python multi-agent framework; the repository contains code that implements that (agents, orchestration, knowledge connectors, local RAG, audit, token tracking). That capability justifies needing an LLM API endpoint and optional knowledge-source credentials. However the registry metadata claims no required env vars or config paths while SKILL.md and code clearly expect MIMO API credentials and may read a ~/.openclaw/openclaw.json fallback — this mismatch is inconsistent and surprising.
!
Instruction Scope
SKILL.md instructs setting MIMO_API_KEY and MIMO_API_ENDPOINT and editing lite/knowledge/config.py to enable external knowledge sources. The code supports ingesting URLs/files (local RAG), reading/writing local files (data/tokens.db, audit logs), and will attempt network calls to the configured LLM endpoint and optional external knowledge sources. These actions are within the apparent purpose but SKILL metadata omitted these runtime requirements and the code will also try to read a home OpenClaw config (~/.openclaw/openclaw.json) as a fallback for credentials — reading that user config is unexpected and should be explicitly declared.
Install Mechanism
No install spec is provided (instruction-only / source-included). There are no external package downloads or installers in the manifest; the project claims zero external Python dependencies and the code uses only standard-library modules. This is low install risk, but files will be written (sqlite DB, audit logs, local RAG indexes) when run.
!
Credentials
SKILL.md and code require MIMO_API_KEY and MIMO_API_ENDPOINT for normal operation. Registry metadata lists no required env vars — that mismatch is problematic. Additionally, code will fall back to reading ~/.openclaw/openclaw.json to source API keys, which gives the skill implicit access to credentials stored in the user's OpenClaw config; this is disproportionate unless the user expects it. The knowledge layer supports many optional external providers (Tencent Cloud, Feishu, Notion, ModelScope, etc.) that would require further secrets if enabled; those are optional but must be configured in files, increasing credential footprint if activated.
Persistence & Privilege
The skill is not always-enabled and does not request special platform privileges. It will create and write local files (data/tokens.db, audit logs, local RAG index directories) and may modify lite/knowledge/config.py per README instructions. It does not appear to change other skills' configs or request permanent platform-wide privileges, but it will persist token/usage data locally and can read a home OpenClaw config — review what secrets are stored there before running.
Scan Findings in Context
[pre-scan-injection] unexpected: Static pre-scan reported no injection signals. However code performs network I/O (urllib), reads home config (~/.openclaw/openclaw.json) and writes local sqlite files; absence of regex flags does not imply absence of sensitive behavior.
What to consider before installing
What to check before installing/running: - Expect to provide an LLM API key and endpoint (MIMO): SKILL.md and the code require MIMO_API_KEY and MIMO_API_ENDPOINT. The registry metadata not listing env vars is a mismatch — do not rely on metadata alone. - Inspect ~/.openclaw/openclaw.json (if present): the code will read this file as a fallback for API credentials. If you store other provider keys there, the skill may access them. Move sensitive keys or run in an isolated account/environment if you do not want that. - Prepare for local persistence: the skill creates/writes data/tokens.db, audit logs, and local RAG index directories under the project (./data/...). These files may contain token usage and cached knowledge. - Knowledge connectors are optional but can require additional secrets (Tencent Cloud, Feishu, Notion, ModelScope, etc.). Only enable/configure the connectors you trust and understand; follow the README instructions to edit lite/knowledge/config.py rather than dropping secrets into your home config. - Network behavior: the agents call the configured LLM endpoint and can fetch URLs (local RAG ingest_url). If you plan to let the system ingest local files or remote URLs, audit what paths/URLs you allow. - Run in an isolated environment (VM/container) or with limited credentials initially: give it a minimal LLM key with strict quotas and avoid storing broad credentials in your home config. Review code paths that read config files and that perform network I/O before trusting with sensitive data. If you want, I can list the exact file locations the code reads/writes and the lines where the fallback to ~/.openclaw/openclaw.json occurs so you can audit or patch them.

Like a lobster shell, security has layers — review code before you run it.

latestvk97an2wz5hcchmcbdpcd66b0e985fkj6
14downloads
0stars
1versions
Updated 4h ago
v1.5.0
MIT-0
@aaroncxxx
latest
Download

帝国架构 Empire Architecture

基于中国古代三公九卿制的 AI 多智能体协作系统。

When to Use

SituationUse this skill?
复杂任务需要多 Agent 协作✅ Yes
需要角色分工(战略/技术/情报/执行)✅ Yes
需要安全审计输出✅ Yes
需要知识库增强决策✅ Yes
简单单轮问答❌ No

Quick Start

v1.1 精简版(零依赖)

cd lite
export MIMO_API_KEY="your-key"
export MIMO_API_ENDPOINT="https://your-endpoint/v1"
python3 main.py              # 交互模式
python3 main.py "你的指令"    # 单次执行
python3 main.py --status     # 查看状态

v1.4/v1.5 知识增强版

cd lite
export MIMO_API_KEY="your-key"
export MIMO_API_ENDPOINT="https://your-endpoint/v1"
python3 v14_runner.py "你的指令"

Architecture

皇帝(人类用户)
  │
  ├─ 丞相(AI 总协调器)
  │     ├─ 谋略参谋 — 战略分析、风险评估
  │     ├─ 技术参谋 — 技术方案、架构设计
  │     ├─ 情报参谋 — 信息收集、数据分析
  │     ├─ 文曹 — 文档撰写、内容创作
  │     ├─ 码曹 — 代码开发、自动化工具
  │     ├─ 查曹 — 信息检索、事实核查
  │     └─ 锦衣卫 — 安全审计、合规检查
  │
  └─ 翰林院祭酒(知识管理总管)
        ├─ 腾讯云大学士
        ├─ 飞书大学士
        ├─ Notion 大学士
        ├─ 本地 RAG 大学士
        ├─ WaytoAGI 大学士
        ├─ DataWhale 大学士
        ├─ ModelScope 大学士
        └─ LiblibAI 大学士

Version History

VersionFeatureStatus
v1.041 nodes + federated learning (design doc)📄 Design
v1.18 nodes + zero dependencies + CLI✅ Runnable
v1.3Hanlin Academy + 4 knowledge sources✅ Runnable
v1.4Community knowledge + emperor approval✅ Runnable
v1.5Evaluation report + knowledge runner✅ Runnable

Requirements

  • Python 3.10+
  • MiMo API Key (or any OpenAI-compatible LLM API)
  • Zero external Python dependencies (pure stdlib)

License

MIT

Comments

Loading comments...