DualAgentSolver
v0.1.0Run a two-agent collaborative problem-solving workflow where one agent is your OpenClaw agent (primary solver) and a second agent challenges assumptions, sur...
⭐ 1· 250·1 current·1 all-time
by@tvaloki
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's goal (run two agents, produce a merged solution, and store it in Open Brain memory) matches what the code does. However the package metadata declares no required binaries or env vars while the runtime uses the 'openclaw' CLI and several environment variables (OPENBRAIN_MCP_URL, OPENBRAIN_MCP_TOKEN, OPENAI_API_KEY). The missing declarations are an incoherence that reduces transparency.
Instruction Scope
SKILL.md and the script instruct the agent to: call an MCP endpoint (OPENBRAIN_MCP_URL) to run tools (search_docs, execute_sql), optionally call the external OpenAI API, run the local 'openclaw agent' binary, and persist results into public.memories. Those actions go beyond purely local reasoning: they transmit user query/context to external endpoints (MCP and optionally api.openai.com) and write persistent memory. This is within the skill's functional scope but has potential privacy/exfiltration implications and should be explicitly documented and trusted.
Install Mechanism
No install spec (instruction-only + code file) — nothing is downloaded or installed automatically. This minimizes install-time risk. The included Python script will run on invocation; review it before executing.
Credentials
The script uses several environment variables (OPENBRAIN_MCP_URL, OPENBRAIN_MCP_TOKEN, OPENAI_API_KEY, SOLVER_SECOND_MODEL, OPENBRAIN_SQL_TOOL, OPENBRAIN_CONTEXT_TOOL) but the skill metadata lists none. Requesting an MCP URL/token and an OpenAI key is plausible for its behavior, but the metadata omission is misleading. Especially important: if OPENBRAIN_MCP_URL is pointed at a remote or untrusted endpoint, the skill will send queries, context, and the final outcome to that endpoint and will write memory there via SQL tool calls.
Persistence & Privilege
The skill intentionally writes results into public.memories (creates table if missing and inserts outcome). That persistent write is consistent with the stated behavior (stores solution into Open Brain memory). It does not request 'always: true'. Still, persistence means private or sensitive query data will be stored; confirm you want that data kept and where (the MCP-backed data store).
What to consider before installing
What to check before installing/using this skill:
- Review and trust the MCP endpoint: the script sends your query, pulled context, and final solution to OPENBRAIN_MCP_URL and uses tools exposed by that MCP. If you set OPENBRAIN_MCP_URL to anything other than a trusted localhost instance, you may be transmitting sensitive data off-host.
- OpenAI usage is optional but explicit: if you set OPENAI_API_KEY the script will call api.openai.com and send prompt content; only provide that key if you accept that. The skill does not redact sensitive data before sending.
- Verify the 'openclaw' binary: the script runs subprocess 'openclaw agent'. Ensure that binary is present, trusted, and behaves as you expect. The skill metadata did not declare this required binary — treat that as a documentation gap.
- Memory persistence: the skill creates/inserts into public.memories. If you are concerned about long-term storage of queries/results, do not run it or modify the code to avoid the write.
- Inspect the included script before running: there is no installer, so review scripts/dual_agent_solver.py to confirm it matches your risk tolerance and to change behavior (e.g., disable memory writes, force localhost MCP, or remove OpenAI calls).
- If you want to proceed: run the script in a sandboxed environment first (with OPENBRAIN_MCP_URL pointed to a local/test MCP) and without OPENAI_API_KEY to observe behavior. Add explicit required env var/binary declarations in your deployment policy or avoid giving it network access if you do not trust remote endpoints.Like a lobster shell, security has layers — review code before you run it.
latest
DualAgentSolver
Use this when the user wants two agents to work a problem and converge on a practical solution.
Setup
export OPENBRAIN_MCP_URL="http://127.0.0.1:54321/mcp"
# optional
export OPENBRAIN_MCP_TOKEN="..."
Optional second-agent model via OpenAI API (if key exists):
export OPENAI_API_KEY="..."
export SOLVER_SECOND_MODEL="gpt-4o-mini"
If OPENAI_API_KEY is missing, the second agent also runs through openclaw agent.
Run
python3 skills/dual-agent-solver/scripts/dual_agent_solver.py \
--query "How should we migrate our cron jobs safely?" \
--rounds 3
Output
Returns JSON including:
- round-by-round solver + critic outputs
- final merged solution
- memory write result and key (
dual-agent-solver:<timestamp>)
Storage
Persists outcome into public.memories (creates table if missing).
Comments
Loading comments...