← 返回 Skills 市场

Expanso json-validate

Name: Expanso json-validate
Author: aronchick

作者 Expanso · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

890

总下载

当前安装

版本数

在 OpenClaw 中安装

/install expanso-json-validate

功能描述

Validate JSON syntax and structure using the Expanso Edge pipeline in CLI or MCP server modes.

使用说明 (SKILL.md)

json-validate

"Validate JSON syntax and structure"

Requirements

Expanso Edge installed (expanso-edge binary in PATH)
Install via: clawhub install expanso-edge

Usage

CLI Pipeline

# Run standalone
echo '\x3Cinput>' | expanso-edge run pipeline-cli.yaml

MCP Pipeline

# Start as MCP server
expanso-edge run pipeline-mcp.yaml

Deploy to Expanso Cloud

expanso-cli job deploy https://skills.expanso.io/json-validate/pipeline-cli.yaml

Files

File	Purpose
`skill.yaml`	Skill metadata (inputs, outputs, credentials)
`pipeline-cli.yaml`	Standalone CLI pipeline
`pipeline-mcp.yaml`	MCP server pipeline

安全使用建议

What to check before installing or using this skill: - Verify you have a trusted expanso-edge binary (the skill expects that binary but the registry metadata didn't declare it). Only run pipelines with a known, official expanso-edge binary. - The default behavior is local parsing, which is coherent with the skill's purpose. However the README/README.md suggests you can deploy the pipeline to Expanso Cloud (https://skills.expanso.io). Avoid deploying pipelines that will process sensitive data unless you understand the cloud provider's policies and authentication requirements. - The pipelines add an input_hash (sha256) and trace_id to metadata. Hashes can sometimes be used to correlate or identify inputs; if you deploy or forward outputs, be aware this metadata will be included. - If you run MCP mode, it binds to 0.0.0.0:${PORT} — ensure you don't expose that port to the public internet unless you want to accept remote JSON submissions. - If you need to be confident this skill is safe: ask the publisher for confirmation of the expanso-edge binary provenance, and whether any optional cloud deployment requires credentials or will store/inspect submitted data. You can also run the skill in an isolated environment and monitor network traffic while feeding non-sensitive test inputs. Confidence notes: medium — the core functionality is locally scoped and clear, but the undocumented runtime dependency and explicit cloud-deploy instructions introduce enough ambiguity about potential data transmission to warrant caution.

功能分析

Type: OpenClaw Skill Name: expanso-json-validate Version: 1.0.0 The OpenClaw skill 'json-validate' is designed to validate JSON syntax and structure. The `pipeline-cli.yaml` and `pipeline-mcp.yaml` files implement this functionality using Expanso's built-in `parse_json()` function, collecting basic metadata like content hash and length. There are no indications of shell command execution, unauthorized file system access, external network calls (beyond serving an HTTP endpoint in MCP mode), or attempts to exfiltrate sensitive data. The `SKILL.md` and `README.md` files provide usage instructions for the user/agent but do not contain any prompt injection attempts or malicious directives. The `skill.yaml` explicitly states no credentials are required and uses only local processing components.

能力评估

ℹ Purpose & Capability

The skill's files and pipelines implement local JSON validation (parsing, error messages, simple stats) which matches the name. However the package registry metadata did not declare the runtime dependency on the expanso-edge binary even though SKILL.md and the pipelines require it; that's a mismatch in declared requirements.

⚠ Instruction Scope

SKILL.md and pipelines run locally and do not call external APIs by default, but SKILL.md includes a 'Deploy to Expanso Cloud' command that would send the pipeline to https://skills.expanso.io. The pipelines compute and include an input_hash (sha256) and other metadata in outputs — if you deploy or otherwise send results to a remote service this could leak hashed or derived information about inputs. The MCP pipeline also exposes an HTTP endpoint on 0.0.0.0 which, if publicly exposed, will accept posted content.

✓ Install Mechanism

This is instruction-only and has no install script or downloads — lowest-risk install behavior. The only runtime dependency is the expanso-edge binary, which must already be present on PATH (not installed by the skill).

ℹ Credentials

The skill declares no required environment variables or credentials (skill.yaml credentials: []). The MCP instructions reference PORT for binding, which is normal. Be aware that the skill records an input_hash and trace_id in metadata; while not credentials themselves, these fields could be sensitive if shipped to an external service.

✓ Persistence & Privilege

The skill does not request always: true and does not modify other skills or system-wide settings. It runs locally and only listens on an HTTP port if you start MCP mode.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install expanso-json-validate
安装完成后，直接呼叫该 Skill 的名称或使用 /expanso-json-validate 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial publish

元数据

Slug expanso-json-validate

版本 1.0.0

许可证 —

累计安装 1

当前安装数 1

历史版本数 1

常见问题