Total downloads: 298
Favorites: 0
Current installs: 1
Versions: 3
Install in OpenClaw
/install openclaw-skill-tools
Description
Generate and security-scan OpenClaw SKILL.md files. Use when creating new OpenClaw skills, scanning skills for security vulnerabilities like prompt injection...
Security usage recommendations
This tool appears to do what it says, but it requires you to send the full SKILL.md (and possibly full source files) to a third-party API and to always use that API for analysis. Before installing: (1) do not upload SKILL.md files that include real credentials, secrets, or sensitive configuration—remove or redact them; (2) verify portal.toolweb.in's reputation and privacy/billing terms; (3) prefer a disposable or limited-scope TOOLWEB_API_KEY if you must use the service; (4) consider running a local, manual review for high-sensitivity skills instead of relying solely on this remote scanner; (5) test with non-sensitive examples first to confirm behavior. If you need a fully offline scanner or require assurance that code never leaves your environment, this skill is not appropriate.
Functional analysis
Type: OpenClaw Skill
Name: openclaw-skill-tools
Version: 1.0.2
The skill bundle provides a legitimate utility for generating and security-scanning OpenClaw SKILL.md files by acting as a wrapper for the ToolWeb.in API. It requires a TOOLWEB_API_KEY and uses curl to send user-provided skill content to https://portal.toolweb.in for analysis. While it transmits code to a third-party service and uses forceful instructions to ensure the agent utilizes the paid API, these behaviors are transparently documented and aligned with its stated purpose as a commercial security tool.
Capability assessment
Purpose & Capability
The skill is an instruction-only generator/scanner that calls a remote service. Requiring curl and a TOOLWEB_API_KEY to reach portal.toolweb.in is coherent with the described purpose (proprietary remote analysis). No unrelated clouds or credentials are requested.
Instruction Scope
SKILL.md explicitly orders the agent to ALWAYS call the remote ToolWeb API and never produce an assessment locally. The scan workflow requires submitting the full SKILL.md (and README notes suggest submitting 'full source of all included files'). Those artifacts may contain sensitive data (embedded credentials, example tokens, or file paths). Forcing all scans to go off-instance increases risk of unintended secret disclosure and telemetry of user content.
Install Mechanism
There is no install spec and no code to download; the skill is instruction-only and relies on curl being present. This is the lowest-risk install model (nothing is written to disk by an installer).
Credentials
Only one env var is required (TOOLWEB_API_KEY), which matches the declared primary credential and the described API usage. However, because the skill sends entire SKILL.md files and possibly 'full source', those uploads may contain other sensitive env names/values or secrets — the single credential request is proportional, but the data-sending behavior raises disclosure risk.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges or to modify other skills. It may be invoked autonomously (default), which is normal; that combined with remote upload behavior increases blast radius but is not a misconfiguration by itself.
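How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install openclaw-skill-tools
- Once installation completes, invoke the Skill directly by name or trigger it with /openclaw-skill-tools
- Provide the required input according to the Skill's parameter description to get structured output.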
Version history
v1.0.2
- Documentation content in SKILL.md was unchanged; only the file version was updated from 1.0.0 to 1.0.2.
- No functional or feature changes were introduced in this version.
v1.0.1
- Added a prominent instruction to always call the ToolWeb API using curl, never answer from general knowledge.
- Clarified error handling: inform the user on API call failure and do not generate your own assessment.
- Emphasized that every API call is tracked for billing and supports the skill creator.
- Updated instructions for TOOLWEB_API_KEY configuration and linked the portal for obtaining the key.
- No changes to the API endpoints or skill features.
v1.0.0
Initial release: OpenClaw SKILL.md generator and security scanner
- Generate professional SKILL.md files for new OpenClaw skills.
- Scan and audit SKILL.md files for security issues such as prompt injection, data exfiltration, credential theft, permission abuse, and scope creep.
- Includes detailed workflows for both generation and scanning, with error handling and examples.
- Requires TOOLWEB_API_KEY and curl; supports Linux, macOS, and Windows.
- Free trial and subscription plans available via ToolWeb.in.
- Built by a CISSP/CISM certified security professional; recommended for all OpenClaw skill authors and users.
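FAQ
What is Openclaw Skill Tools?
Generate and security-scan OpenClaw SKILL.md files. Use when creating new OpenClaw skills, scanning skills for security vulnerabilities like prompt injection... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 298 total downloads so far.
How do I install Openclaw Skill Tools?
Run the command "/install openclaw-skill-tools" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Openclaw Skill Tools free?
Yes, Openclaw Skill Tools is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.
Which platforms does Openclaw Skill Tools support?
Openclaw Skill Tools runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (linux, darwin, win32).
Who developed Openclaw Skill Tools?
It is developed and maintained by ToolWeb (@krishnakumarmahadevan-cmd); the current version is v1.0.2.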