jiwannian

Ningyao Voice Launcher

Author: jiwannian · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 289
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install ningyao-voice-launcher
Description
Install and configure a local browser-based Chinese voice chat launcher with the Ning Yao persona, including one-click Windows launchers, browser speech I/O,...
Security usage recommendations
What to check before installing or running:
- Treat this as code you run locally: inspect server.js before running. Pay attention to the terminal endpoint and file-read logic. The current code disallows '..' and shell metacharacters but does NOT prevent absolute paths; patch matchAllowedCommand to resolve and ensure requested files are inside the workspace directory (use path.resolve and verify startsWith workspaceDir).
- Do NOT supply an organizational or high-privilege OpenAI key. Use a dedicated, limited-scope key or test account because chat and screen images are sent to the model provider.
- If you enable screen capture, assume the images will be transmitted to the configured OpenAI-compatible endpoint. Avoid sharing sensitive screens.
- Fix the metadata: the skill registry entry should declare OPENAI_API_KEY (and any other required env vars). The mismatch between metadata and SKILL.md is confusing and should be corrected.
- Consider running the server in an isolated environment (VM/container) until you are confident. Run npm install in a controlled environment and review dependencies (express, openai are expected).
- Consider removing or editing the publish-clawhub.mjs file: it references absolute local paths and local file system tooling, which is harmless if not executed but odd in a distributed package.
If you want, I can produce a small patch for server.js to safely constrain terminal 'type' to workspaceDir (resolve path and block absolute paths), and a checklist of environment variables to add to package metadata.
Functional analysis
Type: OpenClaw Skill Name: ningyao-voice-launcher Version: 0.1.0 The bundle provides a local voice chat application with a 'safe terminal' feature in `server.js` that is vulnerable to command injection. The `/api/terminal` endpoint uses `cmd /c` to execute commands, and while it employs a whitelist/blacklist, the sanitization for the `type` command is insufficient to prevent all forms of shell metacharacter exploitation. Furthermore, `SKILL.md` instructs the AI agent to perform high-risk administrative tasks, such as executing a PowerShell script (`scripts/install-launcher.ps1`) with `ExecutionPolicy Bypass`. While these features appear intended for a developer utility rather than being explicitly malicious, the combination of RCE vulnerabilities and high-privilege execution instructions warrants a suspicious classification.
Capability assessment
Purpose & Capability
The skill's stated purpose is a local browser-based Ning Yao voice chat front end. The code and assets match that purpose (client UI, server calling OpenAI, screen capture, safe terminal). However the registry metadata lists no required env vars while the runtime instructions and server code require OPENAI_API_KEY (and optionally other OPENAI_* envs). That mismatch is incoherent — installing agents/tools should surface that this skill needs an API key.
Instruction Scope
SKILL.md instructs copying the bundled template, installing npm deps, creating .env with OPENAI_API_KEY, and running. The server exposes /api/chat, /api/screen, and /api/terminal. The SKILL.md and README claim the terminal is '只读 + 开发白名单' and limited to current-directory safe reads, but server.js's matchAllowedCommand allows 'type <path>' only checking for '..' and shell metacharacters; it does not forbid absolute paths (e.g. C:\Windows\...) or otherwise ensure files are under the workspace directory. That contradicts the claim and creates risk of reading arbitrary local files. Also the client captures screen images and posts them to /api/screen, which the server forwards to OpenAI; that means potentially sensitive screen content will be sent to the remote model using your OpenAI key.
Install Mechanism
There is no remote installer or network-download install step in the skill metadata; the package is instruction + included local files. That is lower risk than arbitrary remote downloads. The repo does contain a publish script that references local absolute paths on the author's machine, which is odd but not itself a remote-install risk.
Credentials
The server code requires OPENAI_API_KEY (and optionally OPENAI_BASE_URL, OPENAI_MODEL, OPENAI_TIMEOUT_MS, SYSTEM_PROMPT). The registry metadata claimed no required env vars — a discrepancy. The OPENAI_API_KEY will be used to send chat and screen images to the model provider; supplying a high-privilege or organizational key would expose all sent screen captures and chat content to that provider. The SKILL.md exposes SYSTEM_PROMPT (persona) which is expected, but a prompt-injection pattern was detected in SKILL.md (see scan_findings_in_context).
Persistence & Privilege
always is false (not force-included). The skill doesn't request system-wide modifications or other skills' configs. It will run a local server and can be invoked by the agent (default autonomous invocation allowed). That combination is normal for a local launcher; no elevated persistence/config edits are requested.
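How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install ningyao-voice-launcher
  3. Once installation completes, call the Skill by name or trigger it with /ningyao-voice-launcher
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history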
v0.1.0
Initial public release
Metadata
Slug ningyao-voice-launcher
Version 0.1.0
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
FAQ

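What is Ningyao Voice Launcher?

Install and configure a local browser-based Chinese voice chat launcher with the Ning Yao persona, including one-click Windows launchers, browser speech I/O,... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 289 total downloads to date.

How do I install Ningyao Voice Launcher?

Run the command "/install ningyao-voice-launcher" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.

Is Ningyao Voice Launcher free?

Yes, Ningyao Voice Launcher is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Ningyao Voice Launcher support?

Ningyao Voice Launcher runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Ningyao Voice Launcher?

Developed and maintained by jiwannian (@jiwannian); the current version is v0.1.0.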
