ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

taichi

v2.1.0

太极架构多 Agent 协作框架,支持集中式、分布式,元混合三种执行模式。基于 Redis 消息总线,实现 Planner/Drafter/Validator/Dispatcher 四个阶段的工作流。

0· 75·0 current·0 all-time
byIndivisible@indivisible2025

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for indivisible2025/taichi.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "taichi" (indivisible2025/taichi) from ClawHub.
Skill page: https://clawhub.ai/indivisible2025/taichi
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install taichi

ClawHub CLI

Package manager switcher

npx clawhub@latest install taichi
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (multi-agent orchestration using Redis) match the shipped code and SKILL.md: orchestrator, CentralizedBus/DistributedBus, Agent classes, Worker implementations, configs and a skill manifest are present. There are no unrelated credentials, binaries, or external downloads requested. One minor inconsistency: registry metadata listed this as 'instruction-only' but the package includes full source and install scripts (not a security problem by itself, but worth noticing).
!
Instruction Scope
SKILL.md instructs running the framework in a venv and requires Redis — that's coherent. However the framework's SkillExecutor executes commands via asyncio.create_subprocess_shell with naive template substitution (string replace) and only a first-word whitelist check. Because commands are executed through the shell, poorly configured skill manifests or untrusted task parameters could enable shell injection or arbitrary command execution. The runtime also reads permission files and YAML manifests from the package; verify those before use.
Install Mechanism
No network download install spec in registry; code includes local install.sh and venv-based installation that will pip-install pinned requirements.txt. No remote archive downloads or obscure URLs present in the provided files.
Credentials
The package does not require external credentials or environment variables in registry metadata. It expects a reachable Redis instance and local venv — which is proportional to a Redis-based orchestration framework. Note: if your Redis requires authentication you will need to supply credentials in config; the skill does not itself request cloud/secret env vars.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges or modify other skills. It persists runtime state to a local workspace and SQLite DB (expected for orchestration) and can run autonomously (default), which is the platform norm.
Assessment
This package appears to be what it says: a Redis-based multi-agent orchestration framework. Before installing: (1) review configs/configs/skills/manifest.yaml and configs/communication.yaml to ensure allowed_commands and permission rules are strict; (2) inspect install.sh and start.sh and run them in an isolated environment or container (do not run as root); (3) secure Redis (bind to localhost or require AUTH) to avoid exposing the message bus; (4) be aware that tasks can cause the framework to run shell commands — template substitution is simple string replacement and commands are executed via the shell, so untrusted task input or a lax skill manifest can lead to command injection or arbitrary command execution; (5) if you will accept tasks from external/untrusted sources, harden the allowed_commands whitelist and/or use non-shell executors. If you want a more thorough risk assessment, provide the contents of configs/skills/manifest.yaml and configs/communication.yaml and the orchestrator invocation options.

Like a lobster shell, security has layers — review code before you run it.

latestvk977ycqd27z4ca876ak7vd3rf584b6hj
75downloads
0stars
1versions
Updated 3w ago
v2.1.0
MIT-0
Indivisible@indivisible2025
latest
Download

太极架构 (Taichi Framework)

多 Agent 协作框架,支持三种执行模式。

使用方式

当用户需要使用太极框架执行任务时,通过 exec 工具调用:

cd $HOME/.openclaw/workspace/taichi-framework && \
source venv/bin/activate && \
python orchestrator.py --mode <模式> --request "<任务描述>"

三种模式

模式命令适用场景
集中式--mode centralized线性依赖任务(默认)
分布式--mode distributed --workers N数据并行任务
元混合--mode hybrid --workers P,D,V,DP多阶段复杂任务

示例

集中式

cd $HOME/.openclaw/workspace/taichi-framework && \
source venv/bin/activate && \
python orchestrator.py --mode centralized --request "分析日志文件 app.log"

分布式(5个Worker并行)

cd $HOME/.openclaw/workspace/taichi-framework && \
source venv/bin/activate && \
python orchestrator.py --mode distributed --workers 5 --request "处理数据: 1,2,3,4,5"

元混合

cd $HOME/.openclaw/workspace/taichi-framework && \
source venv/bin/activate && \
python orchestrator.py --mode hybrid --workers 3,5,3,2 --request "复杂任务"

前置要求

  • Redis 运行中(redis-server
  • Python 虚拟环境已安装(./install.sh

Comments

Loading comments...