← 返回 Skills 市场
Json Repair Kit
作者
WANGJUNJIE
· GitHub ↗
· v1.0.0
860
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install json-repair-kit
功能描述
Repair malformed JSON files by normalizing them through Node.js evaluation. Use this to fix trailing commas, single quotes, unquoted keys, or other common sy...
使用说明 (SKILL.md)
JSON Repair Kit
A utility to repair broken or "loose" JSON files (like those with trailing commas, single quotes, or unquoted keys) by parsing them as JavaScript objects and re-serializing as valid JSON.
Usage
# Repair a file in place (creates .bak backup)
node skills/json-repair-kit/index.js --file path/to/broken.json
# Repair and save to a new file
node skills/json-repair-kit/index.js --file broken.json --out fixed.json
# Scan directory and repair all .json files (recursive)
node skills/json-repair-kit/index.js --dir config/ --recursive
Supported Repairs
- Trailing Commas:
{"a": 1,}->{"a": 1} - Single Quotes:
{'a': 'b'}->{"a": "b"} - Unquoted Keys:
{key: "value"}->{"key": "value"} - Comments: Removes JS-style comments
//(if parser supports it, standard Nodeevalmay strip them if they are line comments outside of strings). - Hex/Octal Numbers:
0xFF->255
Safety
- Backup: Always creates a
.bakfile before overwriting (unless--no-backupis used, but default is safe). - Validation: Verifies the repaired content is valid JSON before writing.
- Eval Sandbox: Uses
vm.runInNewContextto parse, ensuring no access to global scope or process. It is safer thaneval().
安全使用建议
This tool will execute the contents of the files you give it inside Node's VM to 'repair' loose JSON. That is functionally powerful but not a secure sandbox: a maliciously crafted file can execute JavaScript that escapes the VM and touches your filesystem or process. Only run this on files you trust. If you need to process untrusted input, consider safer alternatives: use tolerant parsing libraries (json5, strip-json-comments + JSON.parse, jsonc-parser) that don't evaluate code, or run the script inside an isolated container/VM with limited permissions. If you keep this tool, at minimum: (1) audit files before repair, (2) keep backups (.bak is created by default), and (3) consider replacing the eval-based fallback with a proper parser or an AST-based approach that doesn't run code.
功能分析
Type: OpenClaw Skill
Name: json-repair-kit
Version: 1.0.0
The skill is classified as suspicious due to a critical Remote Code Execution (RCE) vulnerability in `index.js`. The `repairJson` function uses `vm.createContext` to evaluate user-provided JSON content, which is susceptible to known sandbox escape techniques. A malicious JSON file can be crafted to execute arbitrary Node.js code on the agent's system, despite the `SKILL.md` claiming the `vm` usage ensures 'no access to global scope or process.' This flaw allows an attacker to compromise the agent by providing a specially crafted input file.
能力评估
Purpose & Capability
Name/description match the code and SKILL.md: the script reads .json files (single file or recursive directory), attempts JSON.parse, and falls back to evaluating the content as JavaScript to re-serialize valid JSON. File IO and backup behavior are consistent with the stated purpose.
Instruction Scope
SKILL.md and index.js instruct the agent to parse malformed JSON by evaluating the file content in a vm context and assert this is safe. In practice, vm.runInContext/vm.Script do not guarantee security against sandbox escapes; evaluating arbitrary file contents can lead to arbitrary JS execution with access to the host environment via known escape patterns (e.g., constructor.constructor / Function() usage). The instructions do not warn users to only run on trusted files or describe the risk.
Install Mechanism
No install spec; tool is instruction/code-only (index.js, package.json, test script). Nothing is downloaded or written during installation — low install risk.
Credentials
No credentials, env vars, or external endpoints are requested. The script reads and writes local files (including recursive directory scan) which is appropriate for a file-repair utility.
Persistence & Privilege
Skill is not always-enabled and does not request persistent platform privileges. It modifies only files the user points it at (creates .bak files by default) and exports functions for testing; it does not change other skills or global agent config.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install json-repair-kit - 安装完成后,直接呼叫该 Skill 的名称或使用
/json-repair-kit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of JSON Repair Kit—a utility to fix malformed JSON files.
- Repairs common JSON syntax errors: trailing commas, single quotes, unquoted keys, JavaScript-style comments, and non-decimal numbers.
- Offers file and directory processing with backup creation by default.
- Ensures repaired content is valid JSON before saving.
- Uses a safe sandboxed environment for parsing to minimize risks.
元数据
常见问题
Json Repair Kit 是什么?
Repair malformed JSON files by normalizing them through Node.js evaluation. Use this to fix trailing commas, single quotes, unquoted keys, or other common sy... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 860 次。
如何安装 Json Repair Kit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install json-repair-kit」即可一键安装,无需额外配置。
Json Repair Kit 是免费的吗?
是的,Json Repair Kit 完全免费(开源免费),可自由下载、安装和使用。
Json Repair Kit 支持哪些平台?
Json Repair Kit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Json Repair Kit?
由 WANGJUNJIE(@wanng-ide)开发并维护,当前版本 v1.0.0。
推荐 Skills