← 返回 Skills 市场
OpenClaw Use Case Catalog
作者
Chunhua Liao
· GitHub ↗
· v1.0.0
683
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-usecase-catalog
功能描述
Comprehensive catalog of what people are doing with OpenClaw. Covers 15+ categories with real examples, sources, and inspiration. Use when asked about OpenCl...
安全使用建议
This is primarily a curated reference and is coherent with its stated purpose, but it contains and recommends operational examples that need credentials (git push, SSH, reading 2FA/messages, periodic heartbeats). Before installing or enabling this skill: 1) Do not grant it automatic write/push rights to your main GitHub account—use a dedicated repo and bot account if you want auto-push. 2) Review any findings files before committing to avoid accidental leakage of secrets or sensitive notes. 3) If you plan to implement examples (SSH, SMS monitoring, calendar access), provision dedicated, least-privilege credentials and service accounts; never reuse personal SSH keys or account tokens. 4) Consider removing or editing the git push/remote instructions in SKILL.md if you don't want the agent to push to a remote automatically. 5) If you lack operational controls, treat this as read-only documentation rather than an automation to run autonomously. If you want, I can suggest safe edits to SKILL.md that remove or clarify the push/credential steps.
功能分析
Type: OpenClaw Skill
Name: openclaw-usecase-catalog
Version: 1.0.0
The skill instructs the OpenClaw agent to perform web searches, write to the local file system (`findings/YYYY-MM-DD.md`), and execute `git add`, `git commit`, and `git push` commands to a remote GitHub repository (SKILL.md). This grants the agent powerful capabilities, including arbitrary shell command execution and network access, which are high-risk. The agent is also instructed to process untrusted content from web searches, creating a significant prompt injection vulnerability that could lead to unauthorized command execution (RCE) or data exfiltration via the `git push` mechanism. The `findings/` files further illustrate the agent's expected capabilities, including SSH access, browser automation with AppleScript, and interaction with sensitive systems, highlighting the broad attack surface and potential for abuse, even if the current intent is benign.
能力评估
Purpose & Capability
Name/description match the contents: this is a catalog of OpenClaw use cases. However, the SKILL.md instructs saving findings and running git commit && git push to a repo path ({github_org}/openclaw-skill-usecases). The skill declares no required credentials or env vars (e.g., no GIT or GitHub token). Asking the agent to perform pushes/SSH in examples without declaring or justifying credentials is a proportionality mismatch (likely because it's an instruction-only catalog, but it's still an inconsistency).
Instruction Scope
SKILL.md tells the agent to search the web, append bilingual entries to findings/YYYY-MM-DD.md, and commit/push. The bundled 'findings/' files include example snippets that show SSH commands, exec() usage, heartbeats, periodic scanning of SMS/messages and squeue via SSH. Those examples indicate workflows that access system resources and secrets (SSH keys, SMS 2FA). While the skill itself doesn't directly instruct the agent to read host secrets, the presence of operational examples that run commands and push changes broadens the scope and could cause accidental exposure if the agent is allowed to write files or push to GitHub.
Install Mechanism
No install spec and no code files to execute—this is instruction-only. That reduces direct install-time risk (nothing downloaded or extracted).
Credentials
Declared requirements: none. But the documented workflows and examples expect access to credentials/keys (GitHub pushes, SSH access to clusters, reading 2FA from messages, inbox scanning). Requiring no env vars while encouraging git pushes/SSH is disproportionate and ambiguous: if you enable agent actions, you'll need to decide which secrets to provide. There's risk of accidentally committing sensitive info into the findings files and then pushing to a remote repo.
Persistence & Privilege
Flags: always:false, user-invocable:true, model invocation allowed (default). The skill does not request persistent/automatic inclusion (no always:true). It contains suggestions for heartbeats/cron jobs in examples, but those are examples rather than settings in the manifest. No manifest-level privilege escalation observed.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-usecase-catalog - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-usecase-catalog触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Comprehensive catalog of OpenClaw use cases
元数据
常见问题
OpenClaw Use Case Catalog 是什么?
Comprehensive catalog of what people are doing with OpenClaw. Covers 15+ categories with real examples, sources, and inspiration. Use when asked about OpenCl... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 683 次。
如何安装 OpenClaw Use Case Catalog?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-usecase-catalog」即可一键安装,无需额外配置。
OpenClaw Use Case Catalog 是免费的吗?
是的,OpenClaw Use Case Catalog 完全免费(开源免费),可自由下载、安装和使用。
OpenClaw Use Case Catalog 支持哪些平台?
OpenClaw Use Case Catalog 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw Use Case Catalog?
由 Chunhua Liao(@chunhualiao)开发并维护,当前版本 v1.0.0。
推荐 Skills