← 返回 Skills 市场

Airdrop Participation Filter

Name: Airdrop Participation Filter
Author: harrylabsj

作者 haidong · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install airdrop-participation-filter

功能描述

A decision helper that helps users decide whether to participate in an airdrop campaign. Use when the user considers joining an airdrop. Prompt-only.

使用说明 (SKILL.md)

airdrop-participation-filter

A decision helper that helps users decide whether to participate in an airdrop campaign.

Workflow

Ask what the airdrop is: which protocol, what the qualification criteria are, and what the potential value might be.
Assess time commitment, risk of exposure to unknown protocols, and opportunity cost.
Check whether the user has the technical setup to participate safely.
Flag disguised data collection, VPN restrictions, and regulatory gray areas.
Give a recommendation: worth it, conditional, or skip.

Output Format

Airdrop summary
Participation recommendation
Time and risk assessment
Safety checklist before joining
What to watch for during participation

Quality Bar

Does not over-promise potential airdrop value.
Focuses on whether participation is worth the user's time and risk.
Flags security risks of interacting with early-stage or unknown protocols.

Edge Cases

If the user needs to connect a wallet or deposit funds, flag this as a red flag.
If the qualification criteria require significant personal data, flag regulatory risk.

Compatibility

Prompt-only, no wallet connection required.
Works from user-described or pasted campaign details.

安全使用建议

This skill's documentation says it's prompt-only and needs nothing, but the included handler.py tries to read /Users/jianghaidong/.openclaw/skills/{skill_name}/SKILL.md using an unsanitized skill_name. That mismatch is suspicious — it may be an accidental leftover from development, but it also allows local file reads (and potentially directory traversal) which could leak sensitive files. Before installing or enabling: 1) Ask the publisher why the code reads a hard-coded home path and request removal of any local-file reads unless explicitly needed. 2) If you or a reviewer will run the code, inspect/modify handler.py to (a) avoid hard-coded paths, (b) sanitize/validate skill_name (reject path separators), or (c) remove _load_skill_meta entirely and use the packaged SKILL.md via safe APIs. 3) Run the skill in a sandboxed environment if you must test it, and verify there are no network calls and it doesn't read sensitive files. 4) If you can't get a satisfactory explanation or patch, treat the skill as untrusted and avoid installing it in environments with sensitive data. The current state is likely a coding oversight but is not justified by the skill's description, so proceed with caution.

功能分析

Type: OpenClaw Skill Name: airdrop-participation-filter Version: 1.0.0 The skill contains a hardcoded absolute path to a specific local user directory (/Users/jianghaidong/.openclaw/skills/) in handler.py. This implementation is highly irregular for a portable skill and introduces a path traversal vulnerability because the 'skill_name' parameter is used to construct file paths without sanitization. While the current code reads the file but does not exfiltrate its content, the presence of environment-specific paths and insecure file handling warrants a suspicious classification.

能力标签

cryptorequires-walletrequires-sensitive-credentials

能力评估

⚠ Purpose & Capability

The skill is described as prompt-only and declares no required config paths or credentials, yet handler.py attempts to read a SKILL.md from a hard-coded local path (/Users/jianghaidong/.openclaw/skills/{skill_name}/SKILL.md). That local filesystem access is not justified by the stated purpose and is incoherent with the declared requirements.

⚠ Instruction Scope

SKILL.md contains only prompt guidance (no file/system access). The runtime code (handler.py) contradicts this by reading a local file. The README/instructions do not mention reading local files or using skill_name to load local content, so the instructions and the implementation are out of sync.

✓ Install Mechanism

No install spec, no external downloads, and no required binaries — low install risk. The only code is small and included in the package.

⚠ Credentials

The package declares no environment/credential needs, but the code accesses a specific user home path. Accessing arbitrary files in a user's home directory is disproportionate to the stated function and could expose local data. The code also takes a skill_name input and interpolates it into a filesystem path without sanitization (possible directory traversal).

✓ Persistence & Privilege

The skill is not always-enabled and does not request elevated privileges. It also does not declare persistence. However, local file reads still increase its blast radius compared to an instruction-only skill.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install airdrop-participation-filter
安装完成后，直接呼叫该 Skill 的名称或使用 /airdrop-participation-filter 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of airdrop-participation-filter. - Provides a structured workflow to help users decide on airdrop participation. - Assesses time commitment, risks, technical requirements, and safety concerns. - Flags potential scams, regulatory risks, and protocols requiring wallet connection or personal data. - Offers clear participation recommendations and safety checklists based on user-provided campaign details. - Designed for prompt-only usage; no wallet connection needed.

元数据

Slug airdrop-participation-filter

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题