mr-liu-lang

Openclaw Skill Checker

Author: Mr-Liu-lang · GitHub · v1.0.0 · MIT-0
linux, darwin, win32 · ✓ Security check passed
Total downloads: 126
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install openclaw-skill-checker
Description
Security vetting protocol before installing any AI agent skill. Red flag detection for credential theft, obfuscated code, exfiltration. Risk classification L...
Security usage recommendations
This skill appears to be what it claims: a human-/agent-led vetting checklist. Before using it: (1) run its checks in an isolated environment (temp dir, container, or VM) so 'clawhub install' or other client actions cannot execute unreviewed code on your main system; (2) manually verify any remote URLs the tool fetches (GitHub raw content, API endpoints); (3) be cautious that the tool’s quick-commands may invoke external tooling — prefer to fetch archives and inspect them rather than auto-running installers; (4) note a minor metadata inconsistency: registry metadata and _meta.json show different ownerId values — verify the source/author on ClawHub/GitHub before trusting results. Overall this skill is coherent and useful as part of a secure workflow, but don’t let automated vetting replace manual review for high-risk skills.
Functional analysis
Type: OpenClaw Skill Name: openclaw-skill-checker Version: 1.0.0 The 'skill-vetter' bundle is a security-focused protocol designed to help AI agents audit other skills before installation. It provides structured checklists for identifying red flags like credential theft, obfuscated code, and unauthorized network calls in SKILL.md. The included bash commands (using curl and jq) are standard tools for querying the GitHub API and ClawHub to verify source reputation, aligning perfectly with its stated purpose of risk mitigation.
Capability tags
requires-sensitive-credentials
Capability assessment
Purpose & Capability
Name, description, and runtime instructions all describe a vetting/checklist tool. Required binaries (curl, jq) are reasonable for the GitHub/HTTP checks shown in the SKILL.md.
Instruction Scope
Instructions focus on inspecting skill files, GitHub metadata, and running read-only commands to fetch/print files. This is appropriate for vetting, but some quick-commands (e.g., 'clawhub install') could invoke installer behavior — the SKILL.md does recommend installing to a temp dir for review, which mitigates risk. Also the vetting checklist mandates reading ALL files in the skill (which is appropriate) but does not instruct reading user home credential files; it flags those as red flags to reject if present.
Install Mechanism
No install specification and no code files are included; it's instruction-only which minimizes disk writes and attack surface.
Credentials
No environment variables, credentials, or config paths are requested. The SKILL.md explicitly treats access to ~/.ssh, ~/.aws, etc. as red flags, which is proportionate for a vetter.
Persistence & Privilege
The skill is not marked always:true and does not request persistent or elevated privileges. It does not instruct modifying other skills or system-wide agent config.
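How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install openclaw-skill-checker
  3. Once installed, invoke the Skill by name or trigger it with /openclaw-skill-checker
  4. Provide the required inputs as described in the Skill's parameter documentation to get structured output
Version history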
v1.0.0
Initial release of skill-vetter — a security vetting protocol for AI agent skills.
- Provides red flag detection for credential theft, code obfuscation, and data exfiltration.
- Implements a multi-step vetting process: source check, code review, permission analysis, and risk classification.
- Outputs structured vetting and risk classification reports (LOW/MEDIUM/HIGH/EXTREME).
- Includes actionable checklists and vetting report templates.
- Never install untrusted skills without running this vetting procedure first.
Metadata
Slug openclaw-skill-checker
Version 1.0.0
License MIT-0
Total installs 1
Current installs 0
Historical versions 1
FAQ

What is Openclaw Skill Checker?

Security vetting protocol before installing any AI agent skill. Red flag detection for credential theft, obfuscated code, exfiltration. Risk classification L... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 126 total downloads to date.

How do I install Openclaw Skill Checker?

Run the command "/install openclaw-skill-checker" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.

Is Openclaw Skill Checker free?

Yes. Openclaw Skill Checker is completely free and released under the MIT-0 license; you can download, install and use it freely.

Which platforms does Openclaw Skill Checker support?

Openclaw Skill Checker is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (linux, darwin, win32).

Who developed Openclaw Skill Checker?

It is developed and maintained by Mr-Liu-lang (@mr-liu-lang); the current version is v1.0.0.
