jonathansantilli

Mobb Vulnerabilities Fixer

Author: Jonathan Santilli · GitHub · v0.1.2
cross-platform ✓ Security check passed
Total downloads: 1445
Favorites: 3
Current installs: 2
Versions: 3
Install in OpenClaw
/install mobb-vulnerabilities-fixer
Description
Scan, fix, and remediate security vulnerabilities in a local code repository using Mobb MCP/CLI. Use when the user asks to scan for vulnerabilities, run a security check, auto-fix issues, remediate findings, or apply Mobb fixes (e.g., "scan this repo", "fix security issues", "remediate vulnerabilities", "run Mobb on my changes").
Security usage advice
This skill appears to do what it says: it drives your local Mobb MCP/CLI to scan a repository and apply fixes but expects you to (1) run and trust the MCP service/tool locally, (2) provide or configure a Mobb API key or complete the browser login flow yourself, and (3) review and explicitly approve any patches before they are applied. Before installing/invoking: ensure your local MCP binary/server is from a trusted source, be prepared to authenticate via the browser flow or set an API key locally (the skill's docs are slightly inconsistent about whether the agent should read env vars), and do not allow the skill to auto-apply fixes without your explicit consent. If you want greater assurance, ask the skill author to clarify which environment variables it reads, or require the agent to only accept credentials that you paste into the session at runtime rather than reading them from the environment automatically.
Functional analysis
Type: OpenClaw Skill
Name: mobb-vulnerabilities-fixer
Version: 0.1.2
The skill is designed to use a pre-installed and user-managed Mobb MCP server for vulnerability scanning and fixing. The instructions in `SKILL.md` and `mobb-auth.md` explicitly prohibit the agent from reading environment variables directly, installing/launching the MCP server, or applying fixes without explicit user consent. These safeguards, combined with the rejection of path traversal and clear instructions for user interaction, indicate a strong focus on transparency and user control, with no evidence of malicious intent or high-risk behaviors beyond the stated purpose.
Capability assessment
Purpose & Capability
The skill's name and description match the runtime instructions: it drives an existing Mobb MCP/CLI to scan a local repo and apply fixes. It expects MCP to be available and instructs the agent to call MCP APIs such as scan_and_fix_vulnerabilities and fetch_available_fixes, which is appropriate for the stated purpose. Minor gap: metadata declares no required binaries/env but the instructions assume an external MCP service/tool is present (the skill explicitly tells the agent not to install/launch MCP itself).
Instruction Scope
SKILL.md stays within the scope of scanning and applying fixes: it requires an absolute repo path, uses pagination rules, asks for explicit user consent before applying patches, and instructs not to auto-rescan or auto-page. No instructions request broad system access or tell the agent to read unrelated files. Notable inconsistency: references/mobb-auth.md says 'Do not read or request environment variables directly' while SKILL.md says 'Prefer API_KEY in the environment'. This is contradictory guidance about how the agent should obtain credentials and should be clarified.
Install Mechanism
This is an instruction-only skill with no install spec and no bundled code, which minimizes installation risk. The skill assumes MCP is locally available but explicitly forbids installing or launching it on the agent's behalf.
Credentials
Declared requirements list no environment variables or credentials, but the instructions reference an API key (API_KEY or MOBB_API_KEY) and an optional API_URL/WEB_APP_URL for non-default tenants. This is reasonable for a client that interacts with a service, but the metadata could be clearer. The contradictory guidance about 'do not read env vars directly' vs. 'prefer API_KEY in the environment' should be resolved: the agent must not attempt to exfiltrate secrets and should only use creds the user explicitly provides or configures locally.
Persistence & Privilege
The skill is not always-included and does not request persistent system-wide privileges. It instructs the user to run their own MCP service and does not attempt to modify other skills or system settings.
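How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install mobb-vulnerabilities-fixer
  3. Once installation completes, invoke the Skill by name or trigger it with /mobb-vulnerabilities-fixer
  4. Provide the required input according to the Skill's parameter documentation to get structured output
Version history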
v0.1.2
Remove npx execution; require MCP already running; tighten auth guidance
v0.1.1
Update: require confirmation for npx and patch application
v0.1.0
Initial release
Metadata
Slug mobb-vulnerabilities-fixer
Version 0.1.2
License
Total installs 2
Current installs 2
Number of versions 3
FAQ

What is Mobb Vulnerabilities Fixer?

Scan, fix, and remediate security vulnerabilities in a local code repository using Mobb MCP/CLI. Use when the user asks to scan for vulnerabilities, run a security check, auto-fix issues, remediate findings, or apply Mobb fixes (e.g., "scan this repo", "fix security issues", "remediate vulnerabilities", "run Mobb on my changes"). It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1445 total downloads to date.

How do I install Mobb Vulnerabilities Fixer?

Run the command "/install mobb-vulnerabilities-fixer" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is Mobb Vulnerabilities Fixer free?

Yes, Mobb Vulnerabilities Fixer is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Mobb Vulnerabilities Fixer support?

Mobb Vulnerabilities Fixer runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Mobb Vulnerabilities Fixer?

It is developed and maintained by Jonathan Santilli (@jonathansantilli); the current version is v0.1.2.
