← 返回 Skills 市场
All Allow
作者
yubinsheng
· GitHub ↗
· v1.0.0
· MIT-0
97
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install allallow
功能描述
快速设置 OpenClaw 最大权限配置。 版本: 1.0.0 | 最低 OpenClaw: 2026.3.31 支持环境: Linux ✅ | macOS ✅ | WSL ✅ | Windows ⚠️ 功能: - 设置 tools.exec 为最大权限(host: auto, security: full, a...
使用说明 (SKILL.md)
allallow Skill v1.0.0
版本信息
| 项目 | 版本 |
|---|---|
| Skill 版本 | 1.0.0 |
| 最低 OpenClaw 版本 | 2026.3.31 |
| 更新日期 | 2026-04-01 |
支持的环境
| 环境 | 支持状态 | 说明 |
|---|---|---|
| Linux (原生) | ✅ 完全支持 | 推荐环境 |
| macOS | ✅ 完全支持 | 推荐环境 |
| Windows (WSL) | ✅ 完全支持 | 推荐环境 |
| Windows (原生) | ⚠️ 部分支持 | 路径格式可能有差异 |
| Docker | ✅ 支持 | 需在容器内运行 |
使用前提
安装此 skill 需要一定的初始权限:
| 所需权限 | 说明 |
|---|---|
exec 执行权限 |
需要运行 Node.js 脚本 |
fs 文件读取权限 |
需要读取当前配置 |
fs 文件写入权限 |
需要写入新配置 |
gateway 重启权限 |
需要重启网关生效 |
如果当前权限不足:
- 安装时可能需要手动批准
- 或先通过
openclaw config命令手动修改配置 - 或由管理员代为安装
安装
# 方法 1:复制到 OpenClaw skills 目录
cp -r skills/allallow ~/.openclaw/skills/
# 方法 2:使用 openclaw 命令
openclaw skills install ./skills/allallow
使用
应用最大权限配置
openclaw skills run allallow
# 或
cd skills/allallow && node allallow.js apply
回滚配置
node allallow.js rollback
备份当前配置
node allallow.js backup
显示信息
node allallow.js info
不同环境的差异
Linux / macOS / WSL
- 配置路径:
~/.openclaw/openclaw.json - 完全支持所有功能
- 自动检测网络接口并配置 allowedOrigins
Windows (原生)
- 配置路径:
%USERPROFILE%\.openclaw\openclaw.json - 路径格式使用反斜杠
- 网络接口检测可能受限
- 建议使用 WSL 获得最佳体验
Docker
- 需在容器内运行 skill
- 确保容器内安装了 Node.js
- 配置持久化需要挂载卷
隐私说明
此 skill 不会收集或打包任何隐私信息:
| 数据类型 | 是否收集 | 说明 |
|---|---|---|
| 网关令牌 (token) | ❌ 否 | 不读取、不存储 |
| 频道凭证 (appId/appSecret) | ❌ 否 | 不读取、不存储 |
| API Key | ❌ 否 | 不读取、不存储 |
| IP 地址 | ⚠️ 临时检测 | 仅用于配置 allowedOrigins,不存储不传输 |
| 配置内容 | ⚠️ 本地读取 | 仅本地修改,不上传 |
✅ 只包含通用的配置模板
配置说明
此 skill 会修改以下配置:
{
"tools": {
"profile": "full",
"exec": {
"host": "auto",
"security": "full",
"ask": "off"
},
"fs": {
"workspaceOnly": false
}
},
"agents": {
"defaults": {
"sandbox": {
"mode": "off"
}
}
},
"gateway": {
"bind": "lan",
"nodes": {
"denyCommands": []
},
"controlUi": {
"allowInsecureAuth": true,
"allowedOrigins": ["..."]
}
}
}
安全警告
⚠️ 此 skill 会大幅降低系统安全性:
- 执行命令无需批准 - 任何操作直接执行
- 可访问任何文件 - 不受 workspace 限制
- 沙箱已关闭 - 无隔离保护
- 允许所有节点命令 - 相机、短信、联系人等敏感操作
仅在受信任的环境中使用!
回滚方法
方法 1:使用 skill
cd skills/allallow
node allallow.js rollback
方法 2:手动恢复
cp ~/.openclaw/openclaw.json.backup ~/.openclaw/openclaw.json
openclaw gateway restart
方法 3:重置为默认
openclaw onboard
故障排除
无法读取配置文件
# 检查文件权限
ls -la ~/.openclaw/openclaw.json
# 手动创建配置目录
mkdir -p ~/.openclaw
网关重启失败
# 手动重启
openclaw gateway restart
# 检查状态
openclaw status
配置不生效
# 检查版本
openclaw version
# 更新到最新版
openclaw update
版本历史
1.0.0 (2026-04-01)
- ✅ 初始版本
- ✅ 支持 OpenClaw 2026.3.31
- ✅ 支持 Linux / macOS / WSL
- ✅ 自动检测环境
- ✅ 自动配置 allowedOrigins
- ✅ 添加版本检测
- ✅ 添加隐私保护说明
安全使用建议
This skill is internally consistent with its stated purpose, but it intentionally and persistently reduces system security. Before installing/running it: 1) Only run in an isolated, ephemeral, or fully trusted environment (e.g., disposable VM or container). 2) Inspect ~/.openclaw/openclaw.json before and after running; keep the backup created by the script. 3) Be aware it sets control UI allowInsecureAuth=true and binds the gateway to 'lan' — this can enable unauthenticated or LAN-wide access. 4) Do not run on production machines or on networks you do not fully control. 5) If unsure, use the provided rollback or restore the backup, and consider running the script with non-root or limited privileges first. 6) If you need tighter behavior, manually edit only the specific fields you intend to change instead of applying the full template.
功能分析
Type: OpenClaw Skill
Name: allallow
Version: 1.0.0
The 'allallow' skill is designed to programmatically disable all security protections in the OpenClaw environment, including disabling the sandbox, granting full filesystem access, and allowing command execution without user approval (allallow.js). While the documentation (SKILL.md, README.md) is transparent about these actions and includes a rollback feature, the intentional removal of security boundaries is a high-risk behavior that creates an extremely vulnerable state. No evidence of data exfiltration or hidden malicious payloads was found, but the skill's primary function is to eliminate the system's defensive posture.
能力评估
Purpose & Capability
Name/description promise (set OpenClaw to maximal permissions) matches what the files do: reading ~/.openclaw/openclaw.json, backing it up, modifying permission-related fields and restarting the gateway. The required capabilities (exec, fs, gateway) declared in SKILL.md are those actually needed.
Instruction Scope
Instructions and allallow.js only operate on the OpenClaw config and the system OpenClaw CLI (openclaw status, openclaw gateway restart) and enumerate local network interfaces to build allowedOrigins. While coherent with the stated goal, the instructions explicitly turn off sandboxing, allow unrestricted filesystem access, allow all node commands, set gateway.bind to 'lan', and set control UI to allowInsecureAuth=true — actions that materially widen attack surface and enable unauthenticated or LAN-based access. This is expected for the skill's purpose but is a serious security risk and should only be run in isolated/trusted environments.
Install Mechanism
No install spec; this is instruction + bundled Node script. No downloads from external URLs, no archive extraction, and package.json is local. No unusual install mechanism detected.
Credentials
The skill requests no environment variables or external credentials. The declared need for exec/fs/gateway permissions is proportional to modifying config and restarting the gateway. It does not attempt to read tokens/keys or contact external endpoints; it only enumerates local network interfaces for allowedOrigins.
Persistence & Privilege
The skill persistently modifies OpenClaw configuration to grant maximal privileges (disables sandboxing, allows full file access, enables insecure auth and LAN binding). Although the skill itself does not request always:true or modify other skills' configs, its persistent changes grant the platform much broader privileges and long-lived insecure state — this is a high-impact change and should be treated as privileged.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install allallow - 安装完成后,直接呼叫该 Skill 的名称或使用
/allallow触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
初始版本:支持多环境,自动检测,最大权限配置
元数据
常见问题
All Allow 是什么?
快速设置 OpenClaw 最大权限配置。 版本: 1.0.0 | 最低 OpenClaw: 2026.3.31 支持环境: Linux ✅ | macOS ✅ | WSL ✅ | Windows ⚠️ 功能: - 设置 tools.exec 为最大权限(host: auto, security: full, a... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 97 次。
如何安装 All Allow?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install allallow」即可一键安装,无需额外配置。
All Allow 是免费的吗?
是的,All Allow 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
All Allow 支持哪些平台?
All Allow 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 All Allow?
由 yubinsheng(@yubinsheng)开发并维护,当前版本 v1.0.0。
推荐 Skills