← 返回 Skills 市场
OpenClaw Mobile Pair
作者
szx19970521
· GitHub ↗
· v0.1.1
· MIT-0
294
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-mobile-pair
功能描述
一键生成 OpenClaw 手机控制中心连接码(自动读取本机 gateway token)
安全使用建议
Do not run or enable this skill yet. Ask the publisher for the missing scripts/generate-mobile-pairing.ps1 and a clear explanation of what it reads and what endpoints (if any) it talks to. Before installing, require: (1) the full script source for review, (2) a declaration of which local files or environment variables it needs (and why), and (3) assurance it does not upload tokens to external servers. Avoid running with PowerShell ExecutionPolicy Bypass unless you (or your security team) have audited the script in a safe sandbox. If the publisher cannot provide source or a trustworthy homepage, treat the skill as unsafe.
功能分析
Type: OpenClaw Skill
Name: openclaw-mobile-pair
Version: 0.1.1
The skill is classified as suspicious because it explicitly states it will 'automatically read the local gateway token' (sensitive credential access) and executes a PowerShell script (scripts/generate-mobile-pairing.ps1) with '-ExecutionPolicy Bypass'. Since the actual script content is missing from the provided files, the logic for handling the token and the potential for exfiltration to the user-provided BFF URL cannot be audited for safety.
能力评估
Purpose & Capability
The name/description say the skill will auto-read a local 'gateway token' and generate a mobile pairing code. However, the package contains no script or declared config paths/env vars to perform that action. Requesting access to a local gateway token is plausible for the stated purpose, but the skill does not justify or declare how it will obtain that secret.
Instruction Scope
Runtime instructions tell the agent to run scripts/generate-mobile-pairing.ps1 with 'ExecutionPolicy Bypass' — a potentially sensitive operation that may read local files or secrets. The referenced script is not included in the skill, so it's unclear what will run or what data it reads/transmits. The instructions give the agent broad permission to execute an external PowerShell script which could access or exfiltrate tokens.
Install Mechanism
There is no install spec and no included code besides SKILL.md and VERSION.txt, which is low risk in itself. Note: the skill nevertheless expects an external script to exist at runtime, which is not provided; that runtime dependency increases practical risk even without an installer.
Credentials
The description implies access to sensitive local credentials (gateway token) but the skill does not declare required env vars or config paths. Requiring an undisclosed local secret is disproportionate and unexplained. The use of PowerShell with ExecutionPolicy Bypass further raises the potential for elevated access to local state.
Persistence & Privilege
The skill is not marked always:true and does not request persistent installation or modification of other skills/settings. It appears not to request elevated platform privileges by itself.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-mobile-pair - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-mobile-pair触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
Update mobile pairing workflow.
元数据
常见问题
OpenClaw Mobile Pair 是什么?
一键生成 OpenClaw 手机控制中心连接码(自动读取本机 gateway token). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 294 次。
如何安装 OpenClaw Mobile Pair?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-mobile-pair」即可一键安装,无需额外配置。
OpenClaw Mobile Pair 是免费的吗?
是的,OpenClaw Mobile Pair 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OpenClaw Mobile Pair 支持哪些平台?
OpenClaw Mobile Pair 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw Mobile Pair?
由 szx19970521(@szx19970521)开发并维护,当前版本 v0.1.1。
推荐 Skills