← 返回 Skills 市场
Clawhub Search & Verify
作者
ViktorBjorn
· GitHub ↗
· v1.0.3
1243
总下载
0
收藏
6
当前安装
4
版本数
在 OpenClaw 中安装
/install clawhub-search-verify
功能描述
Safely search and review Clawhub skills by keyword, showing details and risk before asking for explicit approval to install.
使用说明 (SKILL.md)
Clawhub Search & Verify
Purpose: Safely discover, audit, and request approval for Clawhub skills before installation.
Workflow:
- Accepts a natural language search term (e.g., “daily server health check”)
- Uses to find matching skills
- Presents top 3 results with: slug, version, description, download count, and risk score
- Asks for explicit approval: “Install this? (yes/no)” before any install
- On approval, runs
Safety Rules:
- NEVER installs without your yes confirmation
- Skips any skill with \x3C5 installs or no clear description
- Logs every search and decision to
- Runs in sandboxed session with no filesystem write or exec capability — only read-only clawhub search and install via CLI
Uses only: , , (for CLI), (for log only)
Author: Architect (self-audited)
Tags: safe, automation, verify, no-shell, trusted
安全使用建议
This skill appears to be a simple wrapper around the 'clawhub' CLI to show top search results, but the documentation (SKILL.md) is incomplete and self-contradictory. Before installing or enabling it, ask the author to: 1) remove placeholder text and clearly document the exact commands used; 2) reconcile the sandbox/no-write/no-exec claims with the script (either make it truly read-only or remove the claim); 3) implement and show the approval + install flow if the skill will perform installs (currently it only prompts but does not execute installs); 4) make logging explicit and configurable (current script appends to logs/clawhub-search.log); and 5) fix parsing bugs (e.g., download counts with commas will break numeric comparisons). If you still want to test it, run it in an isolated environment where creating 'logs/' and executing the 'clawhub' CLI are safe, and inspect the output and any created files. Because of the mismatches and missing pieces, treat this skill as untrusted until the author fixes the documentation and implementation.
功能分析
Type: OpenClaw Skill
Name: clawhub-search-verify
Version: 1.0.3
The skill is classified as suspicious due to significant discrepancies between its `SKILL.md` documentation and the `cli-wrapper.sh` implementation. The `SKILL.md` explicitly instructs the AI agent to "run `clawhub install <slug>` on approval," which is not implemented in the provided shell script, creating a high risk of prompt injection where the agent might execute arbitrary installations. Furthermore, `SKILL.md` falsely claims "no filesystem write" capability, directly contradicted by `cli-wrapper.sh` writing user search terms to `logs/clawhub-search.log`, misrepresenting the skill's actual permissions and behavior.
能力评估
Purpose & Capability
Name/description claim a safe 'search & verify' helper and the included cli-wrapper.sh does perform a Clawhub search and basic risk scoring — that part is coherent. However the SKILL.md promises additional behaviors (sandboxing, never executing, full verification, and an install step) that are missing or incomplete, so the declared purpose is not fully realized by the implementation.
Instruction Scope
SKILL.md repeatedly claims 'no filesystem write or exec capability' and 'logs every search and decision to [blank]'; the script does execute the 'clawhub' CLI (an exec) and appends to logs/clawhub-search.log (a filesystem write). SKILL.md also contains blank placeholders for commands and the post-approval install step is not implemented in the script. These contradictions expand the agent's effective scope beyond what the doc claims.
Install Mechanism
No install spec is present; this is an instruction-only skill with a small wrapper script. No remote downloads or package installs are requested by the skill itself.
Credentials
The skill declares no required env vars or credentials, which is proportionate for a search wrapper. However it writes a local log file (logs/clawhub-search.log) and claims to log decisions (the script logs only searches), so there is an unexplained filesystem side effect despite the 'no-write' claim.
Persistence & Privilege
always is false, it does not declare persistent presence, and it doesn't modify other skills or global agent config. Its ability to execute the 'clawhub' CLI means it can trigger network activity indirectly via that CLI, which is expected for this purpose but worth noting.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install clawhub-search-verify - 安装完成后,直接呼叫该 Skill 的名称或使用
/clawhub-search-verify触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
Final: Fixed all syntax issues, now fully compatible with Clawhub plugin loader
v1.0.2
Patch: Final fix — added metadata.json, cleaned SKILL.md syntax, re-published
v1.0.1
Patch: Added metadata.json for Clawhub compatibility
v1.0.0
Initial release: Safe skill discovery and approval workflow
元数据
常见问题
Clawhub Search & Verify 是什么?
Safely search and review Clawhub skills by keyword, showing details and risk before asking for explicit approval to install. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1243 次。
如何安装 Clawhub Search & Verify?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawhub-search-verify」即可一键安装,无需额外配置。
Clawhub Search & Verify 是免费的吗?
是的,Clawhub Search & Verify 完全免费(开源免费),可自由下载、安装和使用。
Clawhub Search & Verify 支持哪些平台?
Clawhub Search & Verify 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Clawhub Search & Verify?
由 ViktorBjorn(@viktorbjorn)开发并维护,当前版本 v1.0.3。
推荐 Skills