ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

multi-agent-writer

v1.0.1

Use when requests involve writing articles, generating news, fetching hotspots, or producing content for social media (WeChat, Xiaohongshu, etc.). Triggers i...

1· 105·0 current·0 all-time
by@gonelake

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for gonelake/multi-agent-writer.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "multi-agent-writer" (gonelake/multi-agent-writer) from ClawHub.
Skill page: https://clawhub.ai/gonelake/multi-agent-writer
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install multi-agent-writer

ClawHub CLI

Package manager switcher

npx clawhub@latest install multi-agent-writer
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to be a multi-agent writer and the included scripts and SKILL.md describe exactly that workflow (search -> generate -> review). However the registry metadata lists no required environment variables or primary credential while SKILL.md clearly documents a needed LLM API key (LLM_API_KEY/LLM_BASE_URL/LLM_MODEL). This is an inconsistency: a writing/LLM skill reasonably needs an API key, so the manifest omission is surprising and should be corrected.
Instruction Scope
Runtime instructions stay within the stated purpose: call DuckDuckGo (ddgs) for hotspots and call LLM provider APIs to generate/review content. The instructions do expect access to a .env LLM_API_KEY for production, can run python main.py (demo or production), and will perform network calls to search engines and LLM endpoints. There is no evidence in the provided files of unrelated file-system harvesting or hidden exfiltration, but the code that performs network/LLM calls is fetched from the remote repo at install time (see install mechanism).
!
Install Mechanism
install.sh clones https://github.com/gonelake/multi-agent.git (un-pinned branch) into ~/.skills/multi-agent and may pip install requirements.txt. Cloning an external GitHub repo at install time means arbitrary remote code will be written and later executed on your machine; there is no pinned commit, checksum, or release linking in the installer. While GitHub is a common source, this pattern increases risk compared to a fully-contained, vendored skill.
!
Credentials
The registry declares no required env vars or primary credential, but SKILL.md documents LLM_API_KEY and optional LLM_BASE_URL/LLM_MODEL and production mode requires them. Asking for an API key for LLM access is proportionate to the stated function, but the manifest's omission is a red flag (it prevents automated gating/review of secrets requirements). The skill also supports multiple external LLM endpoints (including a default base_url pointing at api.moonshot.cn), so users should be aware networked model providers will receive content.
Persistence & Privilege
always:false and default autonomous invocation are fine. The installer registers a SKILL.md into agent skill directories (~/.codebuddy/.claude/.openclaw), i.e., it writes files to those agent folders, which is expected for installing a skill. It does not appear to change other skills' configurations or request permanent elevated privileges beyond writing into user home paths.
What to consider before installing
This skill appears to be a multi-agent content generator and is broadly coherent with that purpose, but take these precautions before installing: - Expect to provide an LLM API key (LLM_API_KEY) for production; the registry metadata does not list it — verify and be prepared to store this secret appropriately. - The installer will git-clone a remote GitHub repository (un-pinned) into ~/.skills/multi-agent and may pip install its requirements. Review the remote repo (https://github.com/gonelake/multi-agent) and the code it contains before running install.sh. Prefer a pinned commit or release tag if possible. - Running the skill can send text (hotspots and generated drafts) to external LLM endpoints; the SKILL.md defaults to api.moonshot.cn. If you cannot trust that endpoint, change LLM_BASE_URL or use demo mode. - Run install and first executions in a sandboxed environment or VM, inspect requirements.txt, and run pytest locally to validate behavior. - Ask the author/registry to update the manifest to declare required env vars and primary credential, and to avoid cloning un-pinned branches (or provide checksums/tags). If you need higher assurance, request a vendored distribution (no remote clone) or an install that pins a commit or release.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bczqyv94z7cjzpkf8cbj33h83wx6w
105downloads
1stars
2versions
Updated 4w ago
v1.0.1
MIT-0
@gonelake
latest
Download

Multi-Agent Writer

三阶段多智能体写作流水线:

  1. 热点抓取 — DuckDuckGo 搜索近7天实时新闻,LLM 筛选推荐选题
  2. 文章撰写 — WriterAgent 生成微信公众号风格文章(含3组备选标题)
  3. 审校循环 — ReviewerAgent 按5维度打分,低于通过线则自动触发修改,最多 N 轮

项目已安装至:<INSTALL_DIR>

快速调用

Demo 模式(无需 API Key,约1秒完成)

cd <INSTALL_DIR>
python main.py --demo
python main.py --demo --topic "量子计算" --words 800

生产模式(需要 .env 配置 LLM API Key)

cd <INSTALL_DIR>
python main.py --topic "AI" --words 1000 --pass-threshold 85

全部 CLI 参数

参数类型默认值说明
--topicstr"AI"关注的领域/话题
--countint5抓取热点数量
--stylestr"深度分析"文章写作风格
--wordsint1000目标字数
--max-revisionsint2最大审校-修改轮次
--pass-thresholdint85审校通过最低分(1-100)
--outputstr"output.json"输出文件路径
--demoflagFalse使用 Mock LLM,无需 API

输出文件

文件格式内容
output.jsonJSON完整结果:热点、文章、审校历史、耗时
output.mdMarkdown可直接复制的文章正文
experiments.tsvTSV追加实验记录(分数、状态、通过线等)

Python 程序化调用

import sys
sys.path.insert(0, "<INSTALL_DIR>")

from orchestrator import Orchestrator
from base_agent import LLMClient
from config import ReviewConfig, LLMConfig
from search import DuckDuckGoSearchClient

llm_config = LLMConfig.from_env()
llm = LLMClient(
    api_key=llm_config.api_key,
    base_url=llm_config.base_url,
    model=llm_config.model,
    api_style=llm_config.api_style,
)

orchestrator = Orchestrator(
    llm=llm,
    max_revisions=2,
    review_config=ReviewConfig(pass_threshold=85),
    search_client=DuckDuckGoSearchClient(),
)

result = orchestrator.run(
    topic="AI",
    hotspot_count=5,
    article_style="深度分析",
    article_word_count=1000,
)

print(result.final_article["title"])
print(result.final_article["content"])

审校维度(5维,共100分)

维度权重说明
内容洞察力30分新颖观点、信息价值
可读性25分短段落、移动端友好
标题吸引力20分点击率、情绪共鸣
结构流畅性15分开篇钩子、逻辑递进
准确性10分事实正确

环境配置(.env 文件)

LLM_API_KEY=your-api-key
LLM_BASE_URL=https://api.moonshot.cn/v1  # 可选
LLM_MODEL=moonshot-v1-8k                 # 可选
LLM_API_STYLE=openai                     # openai 或 anthropic

支持:Kimi、DeepSeek、OpenAI、Claude、Qwen、GLM、Ollama 等兼容 OpenAI/Anthropic API 的模型。

常见场景

# 生成科技领域热点文章
python main.py --topic "AI大模型" --words 1500 --style "深度分析"

# 严格评分 A/B 测试
python main.py --demo --pass-threshold 90 --description "strict_90"
python main.py --demo --pass-threshold 75 --description "loose_75"

# 运行测试(验证系统完整性)
cd <INSTALL_DIR> && pytest

关键文件

<INSTALL_DIR>/
├── main.py           # CLI 入口
├── orchestrator.py   # 工作流协调器
├── agents.py         # 3个业务智能体
├── base_agent.py     # LLMClient、BaseAgent 框架
├── config.py         # 配置类
├── search.py         # DuckDuckGo 搜索封装
└── tests/

Comments

Loading comments...