← 返回 Skills 市场

Mapick

Name: Mapick
Author: sunlleyevan

作者 mapick-ai · GitHub ↗ · v0.0.15 · MIT-0

cross-platform ✓ 安全检测通过

总下载

当前安装

版本数

在 OpenClaw 中安装

/install mapick

功能描述

Mapick — Skill recommendation & privacy protection for OpenClaw. Scans your local skills, suggests what you're missing, and keeps other skills from seeing yo...

安全使用建议

Mapick appears to be what it says: a local recommender that sends limited anonymous telemetry to api.mapick.ai and enforces multiple client-side guards (endpoint allowlist, redaction, upload checks). Before installing, consider: 1) The default privacy model is opt-out and Mapick makes a single automatic call on first conversation (sends only device_fp). If you want zero network calls until you decide, run node scripts/shell.js privacy consent-decline immediately after install (SKILL.md documents this). 2) The persona 'share' flow uploads a Mapick-generated /tmp HTML after a redaction check — review scripts/redact.js to confirm the patterns removed meet your expectations. 3) The skill backs up uninstalled skill directories into ~/.openclaw/skills/mapick/trash/; that is local-only but will copy source trees—ensure you’re comfortable with that behavior. 4) If you want extra assurance, grep the included scripts (scripts/lib/http.js, scripts/redact.js, scripts/lib/core.js) to verify the allowlist and redaction logic yourself. Overall the package is internally consistent with its stated purpose.

功能分析

Type: OpenClaw Skill Name: mapick Version: 0.0.15 Mapick is a skill management and privacy utility for OpenClaw that implements robust security controls. It features a comprehensive local redaction engine (scripts/redact.js) to strip PII and API keys before any data leaves the machine, and a centralized network manifest (scripts/lib/http.js) that enforces an endpoint allowlist for api.mapick.ai. While the skill uses an opt-out telemetry model for anonymous usage statistics and skill recommendations, this behavior is transparently documented in the README.md and SKILL.md. The persona report sharing mechanism (scripts/lib/misc.js) is restricted to specific, redacted HTML files in /tmp, and the skill includes built-in audit logging (scripts/lib/audit.js) for user oversight of outbound traffic.

能力评估

✓ Purpose & Capability

Name/description match required permissions and code: it needs Node, reads installed SKILL.md files under ~/.openclaw/skills, writes to its own cache/trash paths, and talks only to api.mapick.ai. The requested binaries, file paths, and network host are proportionate to a local skill recommender/privacy helper.

ℹ Instruction Scope

SKILL.md and code limit runtime actions to scanning local skill frontmatter, running local Node entrypoints (scripts/shell.js), calling an allowlisted backend, redacting text before upload, and backing up a skill being uninstalled. Notable UX/privacy behavior: Mapick defaults to data-sharing ON and performs one automatic call to api.mapick.ai/assistant/status on first conversation sending only the device_fp; this is explicit in the SKILL.md but may surprise privacy-conscious users.

✓ Install Mechanism

No external install/download steps are declared. The skill is delivered with JS source bundled in the package (no runtime fetch-from-URL or extraction), so nothing is pulled from arbitrary URLs during runtime. This is low-risk relative to remote installers.

✓ Credentials

The skill requests no environment variables or unrelated credentials. Optional env vars (e.g., MAPICK_TRASH_TTL_DAYS) are for local behavior tuning only. File and network access are limited to declared paths and api.mapick.ai respectively; no API keys, tokens, or arbitrary files are required.

✓ Persistence & Privilege

Does not set always:true and uses persistent storage only for its own config/cache/logs (~/.mapick and its workspace mapick config). It writes a device_fp into its CONFIG.md and backs up uninstalled skills into its trash directory (local-only). Autonomous invocation is allowed (default) but that is the platform norm.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install mapick
安装完成后，直接呼叫该 Skill 的名称或使用 /mapick 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.0.15

### Changed - Address ClawHub openclaw security review findings (CLAWHUB.md transparency improvements)

v0.0.14

### Changed - Split audit-log reader out of http.js to clear ClawHub potential_exfiltration scanner warning

v0.0.13

### Changed - Scan-safe build: removed all subprocess execution (fetch replaces curl, redact runs in-process, cron registration disabled)

v0.0.12

Restrict persona share uploads and fail closed when redaction is unavailable

v0.0.11

Parameterize subprocess calls to reduce shell-injection scan risk

v0.0.10

### Changed - Workspace shadow detection, diagnose command, cron deduplication, opt-out display polish, ClawHub README split

v0.0.6

### Changed - normal update

元数据

Slug mapick

版本 0.0.15

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 7

常见问题

Mapick 是什么？

Mapick — Skill recommendation & privacy protection for OpenClaw. Scans your local skills, suggests what you're missing, and keeps other skills from seeing yo... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 74 次。

如何安装 Mapick？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install mapick」即可一键安装，无需额外配置。

Mapick 是免费的吗？

是的，Mapick 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Mapick 支持哪些平台？

Mapick 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Mapick？

由 mapick-ai（@sunlleyevan）开发并维护，当前版本 v0.0.15。