// Create new sub-agents (subagents) by generating YAML config and prompt files in ~/.flocks/plugins/agents/. The created agent can be delegated to by Rex via delegate_task. Use when the user asks to create, add, or generate a new agent.
统一处理浏览器使用任务,支持 CDP 直连/无头模式 使用用户本机 Chromium 系浏览器。Use when the user asks to browse websites, interact with pages, fill forms, capture screenshots, reuse an existing Chrome/Chromium/Edge login session, access internal/login-only pages, handle access-restricted content, when websearch/webfetch are unavailable, or automate browser actions.
用于处理 OneSEC/OneDNS 终端安全平台相关任务,适合通过API或者结合浏览器进行以下任务: 终端安全调查、威胁事件分析、终端告警检索、行为日志排查、IOC 查询、恶意文件分析、DNS 威胁排查、软件与终端资产查询、任务进度查看、审计日志分析、病毒扫描和常见终端处置场景。只要用户提到 OneSEC、微步 EDR等相关操纵需求时,必须先加载本 skill。本 skill 是 OneSEC 平台操作的唯一决策入口:在未阅读本 skill 并完成模式判断前,不要直接调用任何 `onesec_*` tool。
用于处理 OneSIG(安全互联网网关 / Secure Internet Gateway)相关任务,适合通过 API 或者结合浏览器进行以下任务:威胁监控(仪表盘、防护大屏、失陷主机、入站/出站威胁事件、报告管理)、防护策略(全局白/黑名单、多维封锁、IPS、HTTP 黑名单、高危端口防护、API 联动、Syslog 自动封禁、FTP/SFTP 联动)、资产管理、平台管理(告警/审计/用户、HTTPS 解密、网口路由 DNS、HA、OneCC、设备升级与备份、license、MDR、诊断)、登录会话与改密、帮助文档。只要用户提到 OneSIG、SIG、安全互联网网关、微步互联网网关等相关操作时,必须先加载本 skill。本 skill 是 OneSIG 平台操作的唯一决策入口:在未阅读本 skill 并完成模式判断前,不要直接调用任何 `onesig_*` tool。
用于处理青藤云安全平台相关任务,适合通过API或者结合浏览器进行以下任务:主机资产盘点、进程与账号排查、端口和服务查询、网站与数据库资产分析、可疑操作检测、暴力破解分析、异常登录排查、WebShell 与后门调查、蜜罐结果分析、补丁与漏洞风险检查、弱密码排查、基线任务查看、合规检查、授权管理、系统审计和快速风险体检场景。只要用户提到青藤、青藤云安全、青藤主机安全的相关操作时,必须先加载本 skill。本 skill 是 青藤 平台操作的唯一决策入口:在未阅读本 skill 并完成模式判断前,不要直接调用任何 `qingteng_*` tool。
用于处理深信服 EDR(终端检测与响应)相关任务,通过浏览器(CDP 直连)进行以下任务:终端状态查询、终端概况统计、失陷设备排查、设备运行状态查看等。只要用户提到 深信服 EDR、EDR、sangfor EDR 等需求时,必须先加载本 skill。本 skill 是 EDR 平台操作的唯一决策入口:在未阅读本 skill 前,不要直接使用 browser-use skill。
用于处理深信服 XDR(扩展检测与响应)相关任务,适合通过 API 或者结合浏览器进行以下任务:告警查询与处置、事件调查与响应、脆弱性管理、资产盘点、主机隔离、白名单管理、系统运维状态查看、节点健康监控等。只要用户提到 深信服 XDR、XDR、sangfor XDR 等需求时,必须先加载本 skill。本 skill 是 XDR 平台操作的唯一决策入口:在未阅读本 skill 并完成模式判断前,不要直接调用任何 `sangfor_xdr_*` tool 或使用 browser-use skill。
| name | agent-builder |
| category | system |
| description | Create new sub-agents (subagents) by generating YAML config and prompt files in ~/.flocks/plugins/agents/. The created agent can be delegated to by Rex via delegate_task. Use when the user asks to create, add, or generate a new agent. |
Create a new sub-agent from user requirements. Produces a YAML config file + prompt file under ~/.flocks/plugins/agents/<name>/, loadable by the system without restart.
Required directory layout:
~/.flocks/plugins/agents/
└── {name}/ ← subdirectory named after the agent (kebab-case)
├── agent.yaml ← YAML config
└── prompt.md ← system prompt
⚠️ Do NOT create flat files like
agents/{name}.yaml— the subdirectory format is mandatory.
Use the Question tool to confirm (skip if already clear):
kebab-case format (e.g. threat-analyst, code-reviewer)read_only) / general execution (react) / plan-then-execute (plan_and_execute) / codebase exploration (explore)Create ~/.flocks/plugins/agents/{name}/prompt.md with the following structure:
You are a specialized {role} agent.
## Mission
{Core responsibilities, 1-2 paragraphs}
## Capabilities
- **Capability 1**: specific description
- **Capability 2**: specific description
## Output Format
{Structured output requirements: tables, checklists, etc.}
## Constraints
- {Constraint 1}
- {Constraint 2}
Prompt writing principles:
tools allowlist (e.g. a read-only agent should not claim it can edit files)Create ~/.flocks/plugins/agents/{name}/agent.yaml. Prefer an explicit tools allowlist; use permission only for advanced wildcard matching or deny/allow patterns that cannot be expressed as a simple list.
# Required
name: {name} # kebab-case, globally unique
description: > # One-sentence description; Rex uses this to decide when to delegate
{Agent's role and specialty}
# Behavior
mode: subagent # Always "subagent" for sub-agents
strategy: read_only # react | plan_and_execute | read_only | explore
delegatable: true # Whether delegate_task can invoke this agent
hidden: false # Whether to hide from the frontend
# Prompt source (pick one)
prompt_file: prompt.md # External prompt.md in the same directory (recommended)
# prompt: "inline prompt..." # Inline (for short prompts)
# prompt_builder: "module:func" # Dynamic Python builder (advanced)
# Optional
color: "#E74C3C" # Frontend display color, 6-digit hex
temperature: 0.3 # 0.0 - 1.0
# top_p: null
# steps: 50 # Max execution steps
# Model override (optional; omit to use the global default)
# model:
# provider_id: custom-openai-compatible
# model_id: "claude-sonnet-4-5-20250929"
# Preferred tool allowlist
tools:
- read # Open as needed
- grep
- glob
# - bash # When shell execution is needed
# - edit # Covers write/edit/apply_patch-style file mutations
# - websearch # When web search is needed
# - webfetch # When web fetching is needed
# - delegate_task # When re-delegation is needed (use with caution)
# Advanced / legacy alternative when wildcard rules are really needed
# permission:
# "*": deny
# read: allow
# grep: allow
# glob: allow
# Delegation metadata (tells Rex when to delegate to this agent)
prompt_metadata:
category: {domain} # Domain category, e.g. security / code-quality / devops
cost: medium # CHEAP / medium / EXPENSIVE
triggers:
- domain: {trigger_domain}
trigger: "{trigger condition description}"
use_when:
- "{applicable scenario 1}"
- "{applicable scenario 2}"
avoid_when:
- "{inapplicable scenario}"
| Strategy | Use Case | Tool Scope | Example Agents |
|---|---|---|---|
read_only | Analysis/consultation only, no file mutations | Read-only tools | oracle, librarian |
react | General execution, observe-think-act loop | All tools | general |
plan_and_execute | Complex tasks requiring planning before execution | All tools | rex, hephaestus |
explore | Codebase exploration and search | Search/read tools | explore |
Read-only analysis (e.g. code review, security audit):
tools:
- read
- grep
- glob
Read-only + network (e.g. documentation lookup, threat intelligence):
tools:
- read
- grep
- glob
- bash
- websearch
- webfetch
Full execution (e.g. code generation, refactoring):
tools:
- read
- grep
- glob
- edit
- bash
- websearch
- webfetch
Tool naming rules:
threatbook_mcp_ip_query and threatbook_mcp_hrti_query.permission style and the new tools style in the same agent unless there is a very specific reason.After generating files, verify:
python3 -c "import yaml; from pathlib import Path; yaml.safe_load(Path('~/.flocks/plugins/agents/{name}/agent.yaml').expanduser().read_text(encoding='utf-8'))"~/.flocks/plugins/agents/{name}/prompt.md has been created~/.flocks/plugins/agents/{name}/, NOT as flat files like agents/{name}.yaml/tools or tool listing command, check against that instead of relying on memoryAfter creation, inform the user:
~/.flocks/plugins/agents/{name}/agent.yaml and prompt.md)delegate_task(subagent_type="{name}", ...)kebab-case (lowercase letters + digits + hyphens)mode is always subagent (this skill only creates sub-agents)~/.flocks/plugins/agents/<name>/ subdirectory — flat files like agents/<name>.yaml are legacy and should NOT be createdname field exactlytools: over permission: for new agents so the config stays aligned with the current UI and loader behavior