Event Orchestrator
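v0.1.0
A multi-skill orchestrator built on an event-driven architecture. It supports event publish/subscribe, middleware chain processing, and state machine management to coordinate complex business workflows.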
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included source files (src/event-bus.js, middleware-chain.js, state-machine.js, src/index.js). No required env vars, binaries, or config paths that are unrelated to an orchestrator are declared.
Instruction Scope
SKILL.md usage and examples are limited to requiring the local module, subscribing/publishing events, and adding middleware. The runtime instructions ask to run `npm install` in the skill folder and demonstrate using the local API; they do not instruct the agent to read unrelated files, exfiltrate data, or call unknown external endpoints. A minor note: SKILL.md lists CLI-style commands (openclaw event ...) but the package does not include a published CLI wrapper — these appear to be usage conventions rather than hidden behavior.
Install Mechanism
No registry install spec was provided; the SKILL.md recommends running `npm install` in the skill directory. package.json has only devDependencies (jest, eslint) and no external install URLs or archive downloads. There are no extract-from-URL installs or non-standard binary placements.
Credentials
The skill declares no required environment variables, no primary credential, and no config path access. The code and docs do not reference secrets or unrelated service tokens.
Persistence & Privilege
Registry flags are default (always:false, user-invocable:true, model invocation allowed). The skill does not request persistent system-wide privileges, nor does it indicate modifying other skills or global agent settings.
Assessment
This skill appears coherent and implements the described orchestrator. Before installing: (1) run the tests locally (npm test) in an isolated environment, (2) inspect package-lock.json for unexpected dependencies, and (3) review src/*.js for any network calls or use of eval if you plan to run it in production. Note the registry entry had no homepage while clawhub.json contains a homepage URL — if provenance matters, verify the author/repository independently. Finally, be aware that installing runs npm (which will contact the npm registry); run it where you control network/permissions if that's a concern.
Like a lobster shell, security has layers — review code before you run it.
