← 返回 Skills 市场
482
总下载
0
收藏
0
当前安装
7
版本数
在 OpenClaw 中安装
/install nitan
功能描述
Use the local Nitan MCP stdio server for uscardforum.com search, reading, monitoring, and auth setup guidance. Secure-by-default wrappers use npx --no-instal...
安全使用建议
This skill is a thin local bridge to the nitan-mcp CLI and the files match that purpose. Before installing, verify you trust the upstream package (@nitansde/mcp on npm/GitHub) because enabling NITAN_MCP_ALLOW_INSTALL will cause npx to download and run remote code; prefer pinning a version or installing the CLI globally. Be aware that API keys created by the CLI are saved to the platform's default profile location (so review where they are stored if you care about local persistence). Do not paste forum passwords into chat (the skill itself forbids that). If you do not trust the npm package source, do not enable install-on-demand and instead install the CLI from a vetted source or avoid the skill.
功能分析
Type: OpenClaw Skill
Name: nitan
Version: 1.0.6
The nitan skill acts as a bridge to a local MCP server for interacting with uscardforum.com. It demonstrates strong security posture by defaulting to 'npx --no-install' in scripts/mcp_call.sh to prevent unauthorized package downloads and provides an explicit authentication wizard in SKILL.md that avoids handling raw passwords in chat. The implementation uses standard JSON-RPC over stdio and lacks any indicators of data exfiltration, persistence, or malicious execution.
能力标签
能力评估
Purpose & Capability
The skill's declared purpose (bridge to a local Nitan MCP stdio server for uscardforum.com) matches the required binaries (npx, nitan-mcp), the npm install spec (@nitansde/mcp), and the included shell/python wrappers. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructions confine the agent to launching and communicating with a local MCP subprocess over stdin/stdout, using only the tools exposed by that server. The auth wizard avoids asking for passwords in chat and documents three reasonable auth flows. The instructions do not ask to read unrelated filesystem locations or send data to third-party endpoints.
Install Mechanism
Install uses an npm package (@nitansde/mcp) which is appropriate for a CLI tool. The wrapper defaults to npx --no-install (secure). There is an explicit opt-in (NITAN_MCP_ALLOW_INSTALL) that will run npx -y and install remote package code — this is expected but increases risk if the package/source is untrusted, so pin versions or install globally if you trust it.
Credentials
No required environment variables or secrets are declared. Optional env vars are reasonable for this use case (package override, allow-install flag, response timeout, optional username/password or API key). Requesting NITAN_USERNAME/NITAN_PASSWORD only as an optional password-env mode is proportionate; the skill explicitly instructs not to paste passwords into chat and prefers API keys.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges or modify other skills' configs. It documents that the MCP client saves API keys to the platform's default profile location — reasonable for a client tool but something the user should be aware of.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nitan - 安装完成后,直接呼叫该 Skill 的名称或使用
/nitan触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.6
nitan 1.0.6
- Added new wrapper: scripts/discourse_get_trust_level_progress.sh for querying trust level progress.
- Improved authentication guidance: now includes an interactive wizard for API key setup, password environment variable configuration, or public read-only mode.
- Updated documentation (SKILL.md) to explain the new API key authentication flow and clarify env var setup.
- Added _meta.json for better metadata support.
v1.0.5
Fix metadata/env transparency: remove required env gating, mark credentials/timezone/package controls as optional, align SKILL.md with runtime behavior and security review feedback.
v1.0.4
Rename listing to US Card Forum (slug unchanged).
v1.0.3
- Simplified installation and runtime instructions; global install via npm is now recommended.
- Tightened documentation to remove advanced env var and install-on-demand logic.
- Shell wrappers now assume default use: `npx --no-install nitan-mcp`.
- Clarified authentication and tool usage; supports only server-exposed tools, with no fallback logic.
- Security and compliance sections updated for clarity; removed all local repo execution steps.
v1.0.2
Security metadata + env declaration updates; secure-by-default --no-install runner; explicit opt-in install mode via NITAN_MCP_ALLOW_INSTALL; docs/implementation alignment.
v1.0.1
nitan 1.0.1
- No file changes detected in this version.
- No user-facing changes; documentation and behavior remain consistent with the previous release.
v1.0.0
nitan v1.0.0
- Initial release: bridge to local Nitan MCP stdio server for uscardforum.com workflows.
- Supports search, reading, monitoring, and (optionally) posting via stdio MCP tools.
- Includes shell wrappers for core and per-tool calls; no direct forum logic in the skill.
- Read-only by default; posting requires explicit user intent and valid MCP credentials.
- Adheres to strict security and review guidelines; no hidden install steps, secrets, or ambiguous behavior.
元数据
常见问题
US Card Forum 是什么?
Use the local Nitan MCP stdio server for uscardforum.com search, reading, monitoring, and auth setup guidance. Secure-by-default wrappers use npx --no-instal... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 482 次。
如何安装 US Card Forum?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nitan」即可一键安装,无需额外配置。
US Card Forum 是免费的吗?
是的,US Card Forum 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
US Card Forum 支持哪些平台?
US Card Forum 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 US Card Forum?
由 Nitan SDE(@nitansde)开发并维护,当前版本 v1.0.6。
推荐 Skills