← 返回 Skills 市场
djyde

diff4

作者 Randy · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
72
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install diff4
功能描述
Preview git diffs and files using the diff4 CLI. Use when the user wants to see code changes, review files content securely via diff4
使用说明 (SKILL.md)

diff4 - Encrypted Diff & File Sharing

diff4 encrypts diffs and files client-side (AES-256-GCM) before uploading. The server never sees plaintext. Recipients need the passphrase to decrypt.

Prerequisites

  • diff4 must be installed and available on PATH. Use npm i -g @diff4/cli to install.
  • A passphrase must be configured (see setup below)

Commands

Share the latest commit diff

diff4 git-latest

Runs git diff HEAD~1, encrypts the result, and uploads. Use when the user says "preview my last commit" or "send the latest diff."

Share staged changes

diff4 git-staged

Runs git diff --staged, encrypts, and uploads. Use when the user says "preview my staged changes" or "send what's about to be committed."

Share arbitrary files

diff4 files path/to/file1.ts path/to/file2.ts

Reads each file (UTF-8 text only), bundles them as JSON, encrypts, and uploads. Supports any number of paths (relative or absolute).

Key management

  • diff4 key-gen [key] - Generate or set the encryption passphrase
  • diff4 key-get - Print the current passphrase

Options

All upload commands (git-latest, git-staged, files) accept:

Flag Description
-s, --server \x3Curl> Override the diff4 server URL. Default: https://diff4.com (or DIFF4_SERVER env var)
-p, --passphrase \x3Ckey> Override the passphrase for this command only. Default: DIFF4_PASSPHRASE env var

Gotchas

  • Empty diffs fail gracefully. git-latest and git-staged will error if there is nothing to share.
  • Binary files are not supported. diff4 files reads files as UTF-8 text.
  • Server is configurable. Self-hosted instances can be set via DIFF4_SERVER env var or -s flag.
  • The passphrase must be shared out-of-band. diff4 only encrypts — recipients need the same passphrase to decrypt.
  • key-gen updates existing keys. If DIFF4_PASSPHRASE already exists in the shell config, key-gen replaces it in-place.

Typical workflow

  1. User asks to see a diff or files
  2. Verify setup: run diff4 key-get (if it fails, run diff4 key-gen and tell user to source their rc file)
  3. Run the appropriate command (git-latest, git-staged, or files \x3Cpaths>)
  4. Return the URL from the response to the user
  5. Remind the user that recipients need the passphrase to decrypt
安全使用建议
This instruction-only skill appears to do what it says (preview and share diffs) but has several red flags: (1) the SKILL.md requires the third-party `@diff4/cli` npm package though the registry lists no install requirements — verify the exact npm package name and publisher before installing; (2) the instructions reference DIFF4_PASSPHRASE and DIFF4_SERVER though no env vars are declared — expect to provide/store a passphrase and be aware key-gen will modify your shell rc file; (3) the tool reads arbitrary file paths and uploads encrypted blobs to an external server (default https://diff4.com) — even encrypted uploads can leak sensitive content if the passphrase or server are compromised; (4) there is no homepage or source listed, so the origin is unknown. Recommended actions before installing: confirm the official diff4 project (homepage, repo, npm publisher), inspect the npm package contents for unexpected code, prefer a self-hosted server or verify TLS/PKI for diff4.com, and avoid using the skill to upload secrets or system files until you trust the package and server. If you plan to use it, explicitly set and manage DIFF4_PASSPHRASE and review how key-gen updates shell configs.
功能分析
Type: OpenClaw Skill Name: diff4 Version: 1.0.0 The diff4 skill facilitates the uploading of local files and git diffs to a remote third-party server (https://diff4.com). While it claims to use client-side encryption, the skill provides the agent with the capability to read and exfiltrate arbitrary file paths via the 'files' command and retrieve encryption passphrases via 'key-get'. This represents a high-risk data exfiltration vector if the agent is prompted to target sensitive files (e.g., credentials or SSH keys) outside the intended scope of code sharing.
能力评估
Purpose & Capability
Name and description match the instructions: the skill runs a diff4 CLI to read git diffs or files and upload them. However the registry metadata lists no required binaries or env vars while the SKILL.md explicitly requires the diff4 CLI and references DIFF4_PASSPHRASE/DIFF4_SERVER environment variables — this mismatch is incoherent.
Instruction Scope
Runtime instructions tell the agent to run git diffs and read arbitrary file paths (absolute or relative) and then encrypt & upload them. Reading arbitrary files and uploading them (even encrypted) is a potential exfiltration vector. SKILL.md also directs key-gen to update shell rc files (replacing DIFF4_PASSPHRASE), which is a persistent side-effect not declared in the skill metadata.
Install Mechanism
No install spec is included in the registry, but the SKILL.md requires installing `@diff4/cli` via `npm i -g`. The absence of an install specification in the package metadata is an inconsistency: the skill expects a third-party npm package but does not declare or vet an install source or origin.
Credentials
The skill metadata declares no required environment variables, yet SKILL.md uses DIFF4_PASSPHRASE (for encryption) and DIFF4_SERVER (server override). The instructions also state key-gen will replace passphrases in shell config — this implies write access to user shell files. The presence of unspecified env/config manipulation is disproportionate to the metadata and should be declared explicitly.
Persistence & Privilege
The skill is not always-enabled and does not request special platform privileges. However, its key-gen behavior writes/updates shell config (persistent change to the user's environment), which is a sensitive side-effect that was not declared as a config-path requirement.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install diff4
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /diff4 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of diff4 skill for secure diff and file sharing. - Supports encrypting and sharing git diffs (`git-latest`, `git-staged`) and arbitrary files via the diff4 CLI. - Client-side AES-256-GCM encryption ensures only holders of the passphrase can decrypt shared content. - Server URL and passphrase configurable via flags or environment variables. - Key generation and retrieval available through `diff4 key-gen` and `diff4 key-get`. - Notifies on edge cases like empty diffs and unsupported binary files.
元数据
Slug diff4
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

diff4 是什么?

Preview git diffs and files using the diff4 CLI. Use when the user wants to see code changes, review files content securely via diff4. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 72 次。

如何安装 diff4?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install diff4」即可一键安装,无需额外配置。

diff4 是免费的吗?

是的,diff4 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

diff4 支持哪些平台?

diff4 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 diff4?

由 Randy(@djyde)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论