← 返回 Skills 市场

CHECK

Name: CHECK
Author: tilannlou

作者 tilannlou · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

390

总下载

当前安装

版本数

在 OpenClaw 中安装

/install check

功能描述

检查系统和Python环境，验证AI/ML及RAG开发所需工具、包、目录结构和配置是否完整，支持自动安装缺失依赖。

使用说明 (SKILL.md)

Environment Checker Skill

描述

检查系统环境是否满足AI/ML开发需求的工具，包括Python包、系统工具、工作区结构和RAG环境配置的检查。

功能

检查系统中安装的工具（Python、pip、Git、Docker、Node.js等）
检查Python包安装状态（AI/ML相关、RAG相关、工具类等）
检查工作区目录结构（model、utils、scripts等）
检查RAG环境配置（API密钥等）
自动安装缺失的Python包

使用方法

检查环境

检查我的开发环境
检查系统环境是否满足AI开发要求
验证Python包是否齐全

安装缺失的包

安装缺失的Python包
帮我安装所有缺失的依赖

安装特定包

安装numpy
安装langchain和openai

输入参数

无特殊参数，根据用户请求的意图自动执行相应功能

输出格式

返回JSON格式的环境检查结果，包括：

时间戳
系统信息
Python版本
检查摘要（总数、通过数、失败数、成功率）
详细的检查结果（系统工具、Python包、工作区、RAG环境）

适用场景

新环境搭建时的环境检查
AI/ML项目初始化前的依赖验证
RAG应用部署前的环境验证
定期环境维护和依赖更新

依赖

Python 3.7+
pip
系统需支持subprocess调用（大多数现代操作系统均支持）

注意事项

部分Python包可能需要较长的安装时间
安装包时可能需要网络连接
某些系统工具检查可能需要管理员权限

安全使用建议

This package is not a simple read-only environment checker — it bundles multiple powerful utilities that can run commands, install packages, write/delete files, and execute generated code. Before installing or enabling it: 1) Confirm you trust the publisher (source is unknown). 2) If you only need environment checks, prefer an environment-only implementation or run these scripts locally after manual review. 3) If you allow auto-install or execution, run the skill in an isolated environment (VM/container) to limit blast radius. 4) Review the included Python files (especially code_generator_tester_skill.py and permission_manager_skill.py) to verify there is no behavior you object to. 5) Be aware the code will inspect environment variables for API keys — avoid installing on hosts with sensitive credentials unless you trust the package. If you want, I can list the exact functions that perform subprocess/sudo/pip/file deletions so you can review them line-by-line.

功能分析

Type: OpenClaw Skill Name: check Version: 1.0.0 The bundle provides high-risk capabilities including arbitrary code execution, package installation, and elevated command execution (sudo/runas) across several files like code_generator_tester_skill.py and universal_permission_manager_skill.py. While these features align with the stated purpose of a 'Development Skills Bundle,' the lack of strict input sanitization and the request for broad system permissions create a significant attack surface for Remote Code Execution (RCE). No evidence of intentional malice or data exfiltration was found, but the inherent risks of the provided tools exceed the threshold for a benign classification.

能力评估

⚠ Purpose & Capability

The public SKILL.md describes an environment/RAG checker that can auto-install Python packages. The distributed bundle, however, includes several other skills (code_generator_tester_skill.py, permission_manager_skill.py, rag_manager_skill.py, universal_permission_manager_skill.py) that implement arbitrary code generation+execution, file write/delete, sudo/elevation attempts, and broader permission fixes. Packaging these into a single 'CHECK' skill expands capabilities beyond the simple environment-checker description and may surprise users.

⚠ Instruction Scope

SKILL.md instructions are limited to checking tools, packages, workspace and optionally installing missing Python packages. The code implements that (subprocess pip installs, which is expected) but also contains functionality to: run arbitrary generated code (create temp files and execute them), save code into project paths, run system commands (including docker/ollama/sudo), and manipulate files. Those behaviors go beyond what the SKILL.md emphasizes and grant the agent powerful runtime actions if invoked.

✓ Install Mechanism

No external install spec or remote archive downloads. The skill uses local Python scripts and calls pip via subprocess to install packages — an expected mechanism for 'auto-install' behavior. No unusual URLs or archive extraction were found.

⚠ Credentials

The code reads RAG-related environment variables (OPENAI_API_KEY, ANTHROPIC_API_KEY, COHERE_API_KEY, HUGGINGFACE_API_KEY, AZURE_OPENAI_API_KEY) to detect configured providers. The registry metadata lists no required envs, which is not a hard error but is a transparency gap: the skill will check for (and thus can detect presence/absence of) sensitive API keys in the environment. Additionally, package.json declares permissions such as write/delete files and execute_commands for included skills, which are broad relative to a simple checker.

⚠ Persistence & Privilege

always:false (good). However the bundle includes code that can execute arbitrary commands, attempt privilege escalation (sudo on Linux, runas hints on Windows), install packages, write and delete files — and package metadata enumerates 'delete_files' permissions for RAG manager. While these capabilities may be legitimate for developer tooling, they are high-privilege actions and should only be granted to a trusted skill from a trusted source.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install check
安装完成后，直接呼叫该 Skill 的名称或使用 /check 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of the Environment Checker Skill - 检查常见系统工具（Python、pip、Git、Docker、Node.js等）安装与状态 - 验证AI/ML、RAG相关和常用Python包的安装情况，支持自动安装缺失包 - 检查工作区目录结构合理性（如model、utils、scripts等目录） - 检查RAG环境配置（如API密钥） - 输出详细JSON格式的环境检查报告 - 提供一键依赖安装和特定包安装命令

元数据

Slug check

版本 1.0.0

许可证 —

累计安装 5

当前安装数 5

历史版本数 1

常见问题

CHECK 是什么？

检查系统和Python环境，验证AI/ML及RAG开发所需工具、包、目录结构和配置是否完整，支持自动安装缺失依赖。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 390 次。

如何安装 CHECK？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install check」即可一键安装，无需额外配置。

CHECK 是免费的吗？

是的，CHECK 完全免费（开源免费），可自由下载、安装和使用。

CHECK 支持哪些平台？

CHECK 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 CHECK？

由 tilannlou（@tilannlou）开发并维护，当前版本 v1.0.0。