← 返回 Skills 市场
Json Modifier
作者
WANGJUNJIE
· GitHub ↗
· v1.0.0
754
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install json-modifier
功能描述
Safely apply structured JSON patches (RFC 6902) to files. Use this skill when you need to update configuration files, package.json, or memory JSONs without r...
使用说明 (SKILL.md)
JSON Modifier
A utility for modifying JSON files using RFC 6902 JSON Patch format. Supports precise additions, removals, replacements, moves, copies, and tests.
Usage
# Modify a file in place
node skills/json-modifier/index.js --file path/to/config.json --patch '[{"op": "replace", "path": "/key", "value": "new_value"}]'
# Modify and save to a new file
node skills/json-modifier/index.js --file input.json --patch '[...]' --out output.json
# Use a patch file
node skills/json-modifier/index.js --file input.json --patch-file patches/update.json
Patch Format (RFC 6902)
The patch must be a JSON array of operation objects.
Examples
Replace a value:
[
{ "op": "replace", "path": "/version", "value": "2.0.0" }
]
Add a new key:
[
{ "op": "add", "path": "/features/new_feature", "value": true }
]
Remove a key:
[
{ "op": "remove", "path": "/deprecated_key" }
]
Append to an array:
[
{ "op": "add", "path": "/list/-", "value": "item" }
]
Safety
- Validates patch against document before applying.
- Atomic write (writes to temporary file, then renames).
- Preserves indentation (default: 2 spaces).
安全使用建议
This skill appears to be what it claims: a safe JSON-patch CLI. Before installing or running it: 1) Verify the file path you or the agent will call (SKILL.md path examples differ from the package layout) so the agent executes the correct script. 2) Run the included test locally (npm install then npm test) in a safe directory to confirm behavior. 3) Be cautious about which files you allow the agent to modify—the tool will overwrite files (atomic rename is used, but data loss can occur if patches are incorrect). 4) Review/lock dependencies if you require stricter supply-chain controls (it uses fast-json-patch from npm). 5) Note tests use child_process.execSync to invoke the CLI locally—that's normal for testing but confirms the package executes local commands.
功能分析
Type: OpenClaw Skill
Name: json-modifier
Version: 1.0.0
The `index.js` script allows reading and writing arbitrary files specified via command-line arguments (`--file`, `--patch-file`). While this functionality is core to its stated purpose of modifying JSON files, it introduces a significant vulnerability. An attacker could potentially leverage this skill by crafting a prompt to the OpenClaw agent, instructing it to modify or read sensitive system configuration files (e.g., `/etc/passwd`, `/etc/sudoers`) or other critical application data, without the skill itself exhibiting explicit malicious intent like data exfiltration or backdoor installation. The `scripts/test.js` also uses `child_process.execSync`, a powerful primitive, though it is used benignly within a controlled test environment.
能力评估
Purpose & Capability
Name and description match the included code: index.js implements a CLI that reads a JSON file and a RFC 6902 patch and writes the result. Minor documentation mismatch: SKILL.md examples reference 'node skills/json-modifier/index.js' while the repo provides index.js at the package root; this is likely a path/documentation inconsistency rather than malicious.
Instruction Scope
SKILL.md only documents CLI usage for applying patches. The code only reads the specified target file/patch file, validates and applies the patch, and performs an atomic write. It does not read other files, environment variables, or network endpoints.
Install Mechanism
No install spec is provided; this is instruction-plus-code. The only dependency is fast-json-patch from the public npm registry (package-lock.json points to registry.npmjs.org). There are no arbitrary downloads, extract steps, or unusual install actions.
Credentials
No environment variables, credentials, or config paths are requested or used. The skill's requested privileges are minimal and aligned with editing local files.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges. It does not modify other skills or global agent config.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install json-modifier - 安装完成后,直接呼叫该 Skill 的名称或使用
/json-modifier触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of json-modifier skill for safely applying JSON Patches (RFC 6902) to files.
- Supports atomic writes, input/output file selection, patch file input, and indentation preservation.
- Enables precise add, remove, replace, move, copy, and test operations on JSON structures.
- Validates patches before applying to ensure document safety and integrity.
元数据
常见问题
Json Modifier 是什么?
Safely apply structured JSON patches (RFC 6902) to files. Use this skill when you need to update configuration files, package.json, or memory JSONs without r... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 754 次。
如何安装 Json Modifier?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install json-modifier」即可一键安装,无需额外配置。
Json Modifier 是免费的吗?
是的,Json Modifier 完全免费(开源免费),可自由下载、安装和使用。
Json Modifier 支持哪些平台?
Json Modifier 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Json Modifier?
由 WANGJUNJIE(@wanng-ide)开发并维护,当前版本 v1.0.0。
推荐 Skills