API审计
- 作者仓库星标 0
- 作者更新于 实时读取
- 作者仓库 nano-core
- 领域
- 数据
- 兼容 Agent
-
- Claude Code
- Cursor
- Cline
- Codex
- Windsurf
- Gemini CLI
- +20
- 信任分
- 88 / 100 · 社区维护
- 作者 / 版本 / 许可
- @0-CYBERDYNE-SYSTEMS-0 · 未声明 license
- Token 消耗评级
- 低消耗
- 接入复杂程度
- 需手动接入
- 是否需要外部 API Key
- 不需要
- 兼容的系统
- macOS · Docker
- 底层运行要求
- Docker
- 文件与系统权限
-
- 只读
- Shell 执行
- 读取环境变量
- 允许写入 / 修改
- 网络行为
- 仅限本地
- 安装命令数
- 26 条
档案由构建时根据 SKILL.md 与安装命令自动衍生,可能与作者实际意图存在差异。
需要注意: 未限定 allowed-tools,默认拥有全部工具权限。
---
name: run-other-cli-agents
description: Execute and orchestrate external CLI-based agents to delegate subtasks, obtain specialized outpu…
category: 数据
runtime: Docker
---
# run-other-cli-agents 输出预览
## PART A: 任务判断
- 适用问题:表格、CSV、数据集、指标或分析流程。
- 输入要求:目标材料、限制条件、期望输出和验收方式。
- 证据边界:围绕“When to use this skill / When not to use this skill / Core Capabilities”读取原文规则,不把推断写成作者承诺。
## PART B: 执行结果
- **01** 任务判断:确认你的需求是否属于表格、CSV、数据集、指标或分析流程,并标出输入、限制和预期结果。
- **02** 执行计划:优先按“When to use this skill / When not to use this skill / Core Capabilities”拆成步骤,说明每一步会读取什么、修改什么、产出什么。
- **03** 交付结果:给出可复制的命令、文件改动、检查清单或内容草稿,并说明如何继续迭代。
- **04** 风险边界:结合 读取文件、执行终端命令、读取环境变量、写入/修改文件、主要在本地完成、通常不需要额外 API Key 给出执行前确认项。
## Running Rules
- 读取文件、执行终端命令、读取环境变量、写入/修改文件;主要在本地完成;通常不需要额外 API Key。
- 先小样例验证,再放大到真实任务。
- 交付时同时给结果、检查口径和下一步迭代建议。 原文出现了 `/users`、`/tmp`、`/data`、`/path` 这类斜杠命令;如果你的 Agent 支持命令触发,优先用命令开场,再补充目标和边界。
告诉 Agent 目标文件或材料、期望结果、不可改范围、是否允许联网或执行命令。本 Skill 的权限画像是:读取文件、执行终端命令、读取环境变量、写入/修改文件。
先用一个小任务确认它会围绕“When to use this skill / When not to use this skill / Core Capabilities”工作;涉及文件或命令时,先看 diff、日志、预览或测试结果。
检查最终产物是否包含明确结果、必要证据和下一步动作;如果输出泛泛而谈,就补充输入、边界和验收标准后重跑。
---
name: run-other-cli-agents
description: Execute and orchestrate external CLI-based agents to delegate subtasks, obtain specialized outpu…
category: 数据
source: 0-CYBERDYNE-SYSTEMS-0/nano-core
---
# run-other-cli-agents
## 什么时候使用
- run-other-cli-agents 是数据方向的技能,让 Agent 处理结构化文件(Excel / CSV / 表格) 适合处理表格、CSV、指标、数据集、分析和可视化报告,核心价值是把输入、判断、执行、验证和交付边界固定下来…
- 面向表格、CSV、数据集、指标或分析流程,优先处理能明确输入、步骤和验收标准的工作。
## 需要提供什么
- 目标材料、目录范围、期望结果和不可改动内容。
- 是否允许联网、执行命令、读写文件或调用外部服务。
## 执行规则
- 围绕「When to use this skill / When not to use this skill / Core Capabilities」组织步骤,不把推断写成作者事实。
- 读取文件、执行终端命令、读取环境变量、写入/修改文件;主要在本地完成;通常不需要额外 API Key。
- 先跑小样例,确认结果可检查后再扩大任务范围。
## 输出要求
- 给出最终产物、关键证据、验证方式和下一步动作。
- 信息不足时标记 unknown,不编造命令、平台或依赖。 作者原文负责流程事实;仓库文件负责来源和命令;流狐只补充适用场景、限制和质量判断。
skill "run-other-cli-agents" {
输入层 -> 用户目标 + 目标文件 + 禁止范围 + 验收标准
上下文层 -> When to use this skill / When not to use this skill / Core Capabilities
规则层 -> SKILL.md 触发条件 / 执行顺序 / 输出格式
运行层 -> Docker | 读取文件、执行终端命令、读取环境变量、写入/修改文件 | 主要在本地完成
安全层 -> 通常不需要额外 API Key + 小任务验证 + diff / 日志复核
输出层 -> 可复制结果 + 检查清单 + 下一步迭代
} Run Other CLI Agents
When to use this skill
- Use when the user request matches this skill's domain and capabilities.
- Use when this workflow or toolchain is explicitly requested.
When not to use this skill
- Do not use when another skill is a better direct match for the task.
- Do not use when the request is outside this skill's scope.
Execute external CLI agents safely with comprehensive error handling, async execution, output format detection, and security controls.
Core Capabilities
- Safe Execution: Built-in error handling, retries, and timeout management
- Async Mode: Run agents in background for long-running tasks
- Format Detection: Auto-detect and validate JSON, XML, or text output
- Sandboxing: Execute untrusted agents with filesystem and network isolation
- Agent Chaining: Pipe output from one agent to another
- Parallel Execution: Run multiple agents simultaneously
- Resource Management: Control CPU, memory, and timeout limits
- Audit Logging: Track all agent invocations and results
Quick Start
Basic Invocation
./scripts/run_agent.sh math-agent "Calculate sqrt(144)"
With Advanced Features
# Async execution with retry and JSON output
./scripts/run_agent.sh --async --retry 3 --format json api-agent "GET /users"
# Sandboxed untrusted agent
./scripts/run_agent.sh --sandbox --timeout 30 third-party-agent "Process data"
Using the Helper Script
The scripts/run_agent.sh script provides robust agent execution with multiple options:
Command Syntax
./scripts/run_agent.sh [OPTIONS] <agent_command> "task description" [agent_args...]
Common Options
--async- Run agent in background, return immediately with run ID--timeout N- Set timeout in seconds (default: 300)--retry N- Retry N times on failure (default: 0)--format FMT- Expected output format: json|text|auto (default: auto)--sandbox- Run in restricted sandbox (requires firejail)--quiet- Suppress informational output--help- Show full help message
Environment Variables
AGENT_LOG_DIR- Log directory (default: /tmp/agent_logs)AGENT_TIMEOUT- Default timeout in secondsMAX_RETRIES- Default retry countRETRY_DELAY- Delay between retries in seconds
Common Patterns
Agent Chaining
Connect multiple agents in a pipeline:
# Extract → Transform → Load
raw=$(./scripts/run_agent.sh extractor "Extract from source")
transformed=$(./scripts/run_agent.sh transformer "$raw")
./scripts/run_agent.sh loader "$transformed"
Parallel Execution
Run multiple agents simultaneously:
./scripts/run_agent.sh agent1 "Task 1" &
./scripts/run_agent.sh agent2 "Task 2" &
./scripts/run_agent.sh agent3 "Task 3" &
wait
Async with Status Checking
Launch long-running agents in background:
# Start async
RUN_ID=$(./scripts/run_agent.sh --async data-processor "Process large_dataset.csv")
# Check status
PID=$(cat /tmp/agent_logs/${RUN_ID}.pid)
kill -0 $PID 2>/dev/null && echo "Running" || echo "Done"
# Get results
cat /tmp/agent_logs/${RUN_ID}.out
Error Recovery
Handle failures with retries:
./scripts/run_agent.sh --retry 3 --timeout 60 flaky-agent "Task"
Format Validation
Ensure output is valid JSON:
./scripts/run_agent.sh --format json api-agent "GET /data" | jq '.results'
Security Considerations
When running untrusted or third-party agents, always use security controls. See references/security.md for comprehensive security guidance including:
- Sandboxing with firejail, Docker, or platform-specific tools
- Input validation and sanitization
- Output sanitization for sensitive data
- Resource limits (CPU, memory, disk, network)
- File system access control
- Secrets management
- Audit logging
Quick Security Example
# Run untrusted agent with multiple protections
./scripts/run_agent.sh \
--sandbox \
--timeout 30 \
--format json \
--quiet \
untrusted-agent "task"
Advanced Usage
Multi-Stage Pipeline with Checkpoints
Build resilient pipelines that can resume after failures:
# Stage 1
if [ ! -f .stage1_done ]; then
./scripts/run_agent.sh --retry 3 stage1-agent "Extract" && touch .stage1_done
fi
# Stage 2
if [ ! -f .stage2_done ]; then
./scripts/run_agent.sh --retry 3 stage2-agent "Transform" && touch .stage2_done
fi
# Stage 3
./scripts/run_agent.sh --retry 3 stage3-agent "Load"
Load Balancing
Distribute tasks across agent pool:
AGENTS=("agent-1" "agent-2" "agent-3")
TASKS=("task1" "task2" "task3" "task4" "task5")
i=0
for task in "${TASKS[@]}"; do
agent="${AGENTS[$((i % ${#AGENTS[@]}))]}"
./scripts/run_agent.sh --async "$agent" "$task"
i=$((i + 1))
done
wait
Conditional Agent Selection
Route to specialized agents based on input:
case "$REQUEST_TYPE" in
"weather")
./scripts/run_agent.sh weather-agent "$REQUEST_DATA"
;;
"stocks")
./scripts/run_agent.sh --format json stock-agent "$REQUEST_DATA"
;;
"news")
./scripts/run_agent.sh news-agent "$REQUEST_DATA"
;;
esac
Reference Documentation
For detailed examples and security guidance, see:
references/examples.md- Comprehensive usage examples including:- Basic and advanced invocations
- Async and background execution patterns
- Error handling and retry strategies
- Output format detection and validation
- Agent chaining and pipeline patterns
- Parallel execution with xargs and background jobs
- Real-world scenarios (web scraping, ML workflows, ETL pipelines)
- Monitoring and alerting patterns
references/security.md- Security best practices including:- Threat model and risk assessment
- Sandboxing with firejail, Docker, macOS sandbox
- Input validation and sanitization
- Output sanitization for sensitive data
- Resource limits (CPU, memory, disk, network)
- Network isolation techniques
- File system access control
- Secrets management
- Audit logging
- Complete security checklist
Troubleshooting
Agent Not Found
# Check if agent is in PATH
command -v agent-name
# List available agents
compgen -c | grep -E 'agent|cli'
Timeout Issues
# Increase timeout
./scripts/run_agent.sh --timeout 600 slow-agent "task"
# Or set environment variable
AGENT_TIMEOUT=600 ./scripts/run_agent.sh slow-agent "task"
Output Format Problems
# Let script detect format
./scripts/run_agent.sh --format auto agent "task"
# Or specify expected format
./scripts/run_agent.sh --format json agent "task"
Permission Errors
# Ensure script is executable
chmod +x scripts/run_agent.sh
# Check log directory permissions
mkdir -p /tmp/agent_logs
chmod 755 /tmp/agent_logs
Best Practices
- Always use timeouts - Prevent runaway agents with
--timeout - Validate output - Use
--formatto ensure expected output structure - Handle errors - Use
--retryfor network-dependent agents - Isolate untrusted code - Always use
--sandboxfor third-party agents - Log everything - Review logs in
$AGENT_LOG_DIRfor debugging - Clean up - Remove old logs periodically to save disk space
- Test in isolation - Run new agents standalone before chaining
- Use quiet mode in scripts - Add
--quietto reduce log noise - Monitor resources - Check CPU/memory usage for long-running agents
- Version control agents - Track which agent versions are deployed
Integration Examples
With CI/CD Pipeline
# .github/workflows/agent-tests.yml
- name: Test agents
run: |
./scripts/run_agent.sh --timeout 30 test-agent "Run tests"
With Cron Jobs
# Hourly monitoring
0 * * * * /path/to/run_agent.sh monitor-agent "Check system health"
With Systemd Services
[Unit]
Description=Background Agent Processor
[Service]
ExecStart=/path/to/run_agent.sh --async processor-agent "Process queue"
Restart=always
[Install]
WantedBy=multi-user.target
Performance Tips
- Use
--asyncfor long-running agents to avoid blocking - Run independent agents in parallel with
&andwait - Set appropriate timeouts to free resources quickly
- Use
--quietin scripts to reduce I/O overhead - Clean up old logs in
$AGENT_LOG_DIRregularly - Consider agent pooling for high-frequency invocations
- Use
--format jsonwhen output needs parsing (faster than regex)
Direct Invocation (Alternative)
If you don't need the wrapper's features, invoke agents directly:
agent-name "task description" [args...]
However, the wrapper script provides significant benefits:
- Automatic error handling and logging
- Timeout and retry capabilities
- Format detection and validation
- Security controls
- Consistent interface across all agents
先判断是否适合
作者设计意图
作者的方法与取舍
边界和复核