← 返回 Skills 市场
84
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-claude-bridge
功能描述
Use when user asks about Bridge to local Claude Code CLI - no API key required
安全使用建议
This skill is plausible for running a local Claude CLI, but there are clear mismatches and risky behaviors you should weigh before installing:
- Inconsistency: metadata claims no binaries/configs required, but SKILL.md and code require the 'claude' CLI and expect access to your ~/.openclaw/workspace and other skill directories.
- Broad filesystem actions: many task scripts (tasks/*.sh) and generated scripts ask Claude to read and edit files across the workspace (other skills and core files). The Python wrapper creates and executes shell scripts via subprocess.run.
- Effective privileges: although the skill isn't declared 'always' enabled, when invoked it can create/execute scripts that perform wide-ranging edits. That can modify other skills or code in your workspace.
Recommendations before using:
1. Inspect the code yourself (claude_bridge.py and tasks/*.sh/.json) and the generated scripts to confirm exactly what will run.
2. Do not run it on a production or sensitive workspace. Try it in an isolated/sandbox environment or throwaway VM/container with a fake ~/.openclaw workspace.
3. If you proceed, ensure file permissions limit its write access, and review all generated task scripts before executing them.
4. Consider whether you want a skill that can instruct the model to use Read/Edit/Bash on arbitrary files — if not, avoid installing.
If you want, I can point out the exact lines that create/execute shell scripts and the tasks that ask for full filesystem edits so you can review them more quickly.
功能分析
Type: OpenClaw Skill
Name: openclaw-claude-bridge
Version: 1.0.0
The 'claude-bridge' skill acts as a wrapper for the Claude Code CLI, providing a mechanism to generate and automatically execute shell scripts containing AI-generated commands. The core logic in `claude_bridge.py` uses `subprocess.run` to execute bash scripts that grant the AI full 'Read, Edit, Bash' permissions over the local filesystem. While the included tasks in the `tasks/` directory (e.g., `fix_db_cache_002.sh`, `fix_web_ui_full_access.sh`) appear to be for legitimate development purposes like refactoring and analysis, the architecture creates a high-risk environment for Remote Code Execution (RCE) without adequate sandboxing or input sanitization. The tool also includes scripts to deeply analyze the host's OpenClaw architecture and source code, which could be used for reconnaissance.
能力评估
Purpose & Capability
Name/description: 'bridge to local Claude Code CLI' matches main functionality, but metadata declares no required binaries/env/configs while SKILL.md and code clearly require the 'claude' CLI and access to the user's OpenClaw workspace (e.g. /Users/mars/.openclaw/...). The skill therefore underdeclares what it needs and will touch.
Instruction Scope
SKILL.md and claude_bridge.py create task scripts that call 'claude' with --allowedTools "Read,Edit,Bash" and many tasks' prompts explicitly instruct Claude to read/edit arbitrary files across the user's workspace (other skills, system paths, ~/.openclaw/workspace). The runtime flow writes and executes shell scripts and asks the model to modify files outside the skill directory — scope creep and potential for broad file access/modification.
Install Mechanism
No install spec (instruction-only) which is lower install risk, but the package includes many ready-to-run .sh task scripts and a Python wrapper that creates/executes shell scripts. Those files will be written to disk and executed by subprocess.run when used, increasing runtime risk despite no installer.
Credentials
Registry metadata lists no required env vars or config paths, yet code assumes a 'claude' binary is present and task prompts target user workspace paths. The skill also constructs tasks that request file system edits across unrelated projects (agent-memory, a-stock-monitor, kairos-mode). The declared environment footprint is smaller than the actual access needed.
Persistence & Privilege
always:false (good), but the skill's tasks explicitly request permission to read and edit many files across the user's workspace and will create/execute shell scripts under skills/claude-bridge/tasks/. That behavior amounts to broad file-system modification ability and can change other skills' code — a significant privilege in practice.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-claude-bridge - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-claude-bridge触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Local bridge for Claude Code integrations without API keys.
- Enables code generation, code review, and data analysis via locally installed Claude Code CLI.
- No API key required; uses user’s existing Claude subscription with login.
- Supports both manual (shell/sh) and automated (Python) execution workflows.
- Results are stored locally for review; integrates with OpenClaw Agent for seamless workflow.
- Requires that Claude Code is installed, logged in, and subscription is valid.
元数据
常见问题
OpenClaw CLAUDE BRIDGE 是什么?
Use when user asks about Bridge to local Claude Code CLI - no API key required. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 84 次。
如何安装 OpenClaw CLAUDE BRIDGE?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-claude-bridge」即可一键安装,无需额外配置。
OpenClaw CLAUDE BRIDGE 是免费的吗?
是的,OpenClaw CLAUDE BRIDGE 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OpenClaw CLAUDE BRIDGE 支持哪些平台?
OpenClaw CLAUDE BRIDGE 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw CLAUDE BRIDGE?
由 cry779(@cry779)开发并维护,当前版本 v1.0.0。
推荐 Skills