okami-horo

openlist

Author: okami-horo · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 218
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install openlist-skill
Description
Execute safe file operations via OpenList API with preview-apply workflow for browsing, moving, renaming, deleting, offline tasks, and audit logging.
Security usage recommendations
This skill appears to implement the OpenList preview-then-apply workflow and uses OPENLIST_BASE_URL and OPENLIST_TOKEN — which is appropriate — but the registry metadata incorrectly lists no required env vars. Before installing: (1) verify the skill's source/trustworthiness (homepage unknown, owner ID only), (2) ensure OPENLIST_TOKEN you provide is scoped minimally (not a full admin token if not needed), (3) understand that the script will read .env at the repository root and skills/openlist/.env (remove or audit those files first to avoid leaking unrelated secrets), (4) review the full openlist.py source to confirm there are no unexpected network calls or telemetry, and (5) run the skill in an isolated environment or with a token that has only the necessary permissions. If the publisher can correct the registry metadata and explicitly document .env reading and audit contents/redaction behavior, that would reduce concern.
Functional analysis
Type: OpenClaw Skill
Name: openlist-skill
Version: 1.0.0
The OpenList skill is a well-architected tool for managing file operations via an API, featuring robust safety mechanisms such as a mandatory 'preview-and-apply' workflow and comprehensive plan validation. It includes proactive security measures like endpoint allowlisting, path normalization, and an audit logging system (scripts/openlist.py) that redacts sensitive credentials. The instructions in SKILL.md explicitly guide the AI agent to seek user confirmation and provide warnings for destructive actions, demonstrating a clear focus on safe and auditable operation.
Capability assessment
Purpose & Capability
The name/description and the included Python CLI implement browsing, move/rename/delete previews and apply, offline tasks, and audit logging against an OpenList HTTP API — this is coherent with the stated purpose. However the published registry metadata claims no required environment variables while SKILL.md (and the code) require OPENLIST_BASE_URL and OPENLIST_TOKEN. That metadata mismatch is unexpected and should be corrected/clarified.
Instruction Scope
SKILL.md instructs the agent to run the bundled Python script and to read configuration from environment variables and from .env files at the repository root and skill folder. The code loads repo_root()/.env and skills/openlist/.env automatically; that can expose unrelated repository secrets if present. Apart from that, instructions limit network calls to the OpenList endpoints and require a preview/apply workflow for state changes which is appropriate. The .env reading behavior is a scope creep risk and should be explicitly acknowledged by the user.
Install Mechanism
There is no install spec or external download. The skill is delivered with a Python script that will run in the agent environment. No remote install or URL-based code pull was observed, which lowers installation risk.
Credentials
Requiring OPENLIST_BASE_URL and OPENLIST_TOKEN is reasonable for a service client. But the registry metadata omits these requirements (declares none), creating an inconsistency. Additionally, the script will merge OS environment variables with .env files and therefore can read any env var present; automatic reading of repo .env files could surface unrelated secrets — this is disproportionate if users assume only the two OpenList variables will be accessed.
Persistence & Privilege
The skill does not set always: true and does not request elevated platform privileges. It writes an audit JSONL to ~/.codex/openlist/audit.jsonl (declared in docs) but does not appear to modify other skills or global agent configuration. Autonomous invocation is enabled by default on the platform, which is normal; no extra persistence flags are present.
How to use
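  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install openlist-skill
  3. Once installation completes, invoke the Skill by name or trigger it with /openlist-skill
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output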
Version history
v1.0.0
- Initial release of OpenList skill for AI Agent automation via OpenList HTTP API.
- Supports common auditable and reversible file operations: browsing, moving, renaming, single-path delete, creating offline tasks, and task management.
- Enforces a two-step preview + apply confirmation for all modifying actions; no support for overwrite, batch delete, or destructive operations.
- All actions are fully logged with audit trails and security restrictions.
- Detailed configuration, command list, and safe usage flows described in documentation.
Metadata
Slug: openlist-skill
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 1
FAQ

What is openlist?

Execute safe file operations via OpenList API with preview-apply workflow for browsing, moving, renaming, deleting, offline tasks, and audit logging. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 218 total downloads to date.

How do I install openlist?

Run the command "/install openlist-skill" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is needed.

Is openlist free?

Yes, openlist is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does openlist support?

openlist runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed openlist?

Developed and maintained by okami-horo (@okami-horo); the current version is v1.0.0.
