← 返回 Skills 市场
443
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-quickstart
功能描述
OpenClaw onboarding guide for new users. Activate when a user asks how to get started with OpenClaw, says they are new, asks for a quickstart or tutorial, wa...
安全使用建议
This skill mostly matches an onboarding helper, but it will modify your files and schedule background jobs automatically. Key things to consider before installing:
- The package assumes 'node' and an 'openclaw' CLI are available on PATH but the skill metadata does not list them; if you don't have them the scripts will error. Verify these tools first.
- On first activation the installer runs silently and will append a block to HEARTBEAT.md and create two crons (quickstart-heartbeat and quickstart-reminder) via the openclaw CLI. If you prefer explicit consent, ask the agent not to auto-install and run the install script yourself with --dry-run first.
- The scripts read and write files under ~/.openclaw and the workspace (e.g., HEARTBEAT.md, .quickstart-progress.json, USER.md, SOUL.md, .pptx files, and crons.json). Back up any important HEARTBEAT.md or workspace data before first run.
- Review scripts/install.js and setup_reminder_cron.js to confirm the cron messages and any commands are acceptable; you can run node scripts/install.js --dry-run to preview changes.
- After installation, inspect crons with 'openclaw cron list' and remove them manually if you don't want scheduled reminders (or run node scripts/cleanup_crons.js once tasks are done).
What would change this assessment: explicit manifest entries listing required binaries (node/openclaw), turning off the 'silent first-run' behavior (prompt user before modifying files), or an explicit prompt in SKILL.md asking user permission to create crons would reduce the concerns and likely make the skill 'benign'.
功能分析
Type: OpenClaw Skill
Name: openclaw-quickstart
Version: 1.0.0
This skill bundle is classified as suspicious due to its use of powerful capabilities that, while presented for a benign onboarding purpose, carry inherent risks. Specifically, the `SKILL.md` instructs the AI agent to 'silently run the installer' (`scripts/install.js`), which is a direct prompt injection vector bypassing user confirmation. The `install.js` script then modifies the agent's `HEARTBEAT.md` file to embed a recurring task and creates cron jobs (`quickstart-reminder`) using the `openclaw` CLI, establishing persistence and modifying the system environment. These actions demonstrate significant control over the agent's behavior and system, representing risky capabilities without clear malicious intent.
能力评估
Purpose & Capability
The stated purpose (onboarding / quickstart) matches the included scripts: installation, progress checking, marking tasks done, and creating/removing reminder/heartbeat crons. However, the skill metadata claims no required binaries or env vars while the code clearly expects 'node' (to run scripts) and the 'openclaw' CLI (to add/remove crons). The skill should have declared these dependencies. Otherwise, capabilities are coherent with an onboarding use-case.
Instruction Scope
SKILL.md instructs the agent to 'silently run the installer first' on first activation (no user prompt). The installer appends blocks to HEARTBEAT.md and creates persistent cron jobs via the openclaw CLI; check_progress.js scans many user files (workspace, memory/*.md, ~/.openclaw/crons.json, skills dirs) to detect completion. Those file modifications and background scheduling are within onboarding scope but the silent, automatic nature and immediate file/cron changes broaden scope and risk (modifying user files and adding scheduled jobs without explicit consent).
Install Mechanism
There is no network download or external install host; all code is included in the package and runs locally. The installer writes to HEARTBEAT.md and uses the openclaw CLI to create crons. No remote URLs, archives, or extraction steps were found. This is lower-risk than fetching arbitrary code, but it still writes to user files and invokes external CLI tools.
Credentials
The skill declares no required env vars or primary credential, which is appropriate for an onboarding guide. However, the scripts rely on process.env.HOME and expect 'node' and 'openclaw' on PATH; those binaries are not declared in the manifest. The scripts also read and write files under ~/.openclaw and workspace, and inspect ~/.openclaw/skills and crons.json — these are reasonable for this purpose but should be clearly documented as required access. No network secrets or unrelated credentials are requested.
Persistence & Privilege
The skill installs persistent behavior: it appends a heartbeat block to HEARTBEAT.md and registers two cron jobs (heartbeat every 30 min and a daily reminder). Those are removed when tasks are completed, but the installer will create them automatically on first-run without asking. 'always: false' is set, so it won't be force-included, but the silent first-run installer grants the skill effective persistence in the user's environment unless the user inspects/blocks it.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-quickstart - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-quickstart触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: 8-task onboarding guide with auto-detection, daily reminders, and one-click install
元数据
常见问题
OpenClaw Quickstart 是什么?
OpenClaw onboarding guide for new users. Activate when a user asks how to get started with OpenClaw, says they are new, asks for a quickstart or tutorial, wa... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 443 次。
如何安装 OpenClaw Quickstart?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-quickstart」即可一键安装,无需额外配置。
OpenClaw Quickstart 是免费的吗?
是的,OpenClaw Quickstart 完全免费(开源免费),可自由下载、安装和使用。
OpenClaw Quickstart 支持哪些平台?
OpenClaw Quickstart 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw Quickstart?
由 何昀(@heyuncoder)开发并维护,当前版本 v1.0.0。
推荐 Skills