← 返回 Skills 市场
738
总下载
2
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install openpond-cli
功能描述
Use the OpenPond CLI to create repos, watch deployments, and run tools without the web UI.
安全使用建议
This skill appears to be a normal CLI wrapper for OpenPond, but the package metadata is incomplete and the runtime steps touch sensitive local state. Before installing or allowing an agent to use it: 1) Verify the 'openpond-code' npm package source and integrity (inspect its repo, reviews, and latest release). Prefer using 'npx' or a scoped/test environment instead of a global install. 2) Use a limited-scope or disposable OPENPOND_API_KEY when testing, and rotate it afterwards. 3) Be aware the CLI will read and temporarily modify your .git/config and will persist credentials under ~/.openpond/cache.json — inspect and remove those files if you don't want persistent tokens. 4) If you plan to let an agent invoke this skill autonomously, limit that agent's file access or run it in an isolated workspace to avoid accidental exfiltration of repository credentials. 5) Ask the skill author/registry to correct metadata (declare required binaries and env vars) so the security surface is transparent.
功能分析
Type: OpenClaw Skill
Name: openpond-cli
Version: 0.1.1
The skill bundle provides instructions for using the OpenPond CLI, including installation via `npm`, authentication, repository management, deployment watching, and tool execution. All commands and descriptions align with the stated purpose of managing OpenPond applications. There is no evidence of prompt injection against the OpenClaw agent, data exfiltration, malicious execution, persistence mechanisms, or obfuscation. While passing API keys on the command line (`openpond login --api-key`) can be a security vulnerability, it is a common CLI pattern and does not indicate malicious intent from the skill itself.
能力评估
Purpose & Capability
Name/description describe an OpenPond CLI helper. However the skill metadata declares no required binaries or env vars while the SKILL.md clearly expects npm/npx, the 'openpond' CLI, and git. The missing declared requirements is an incoherence: a CLI helper normally would declare these dependencies.
Instruction Scope
Runtime instructions tell the agent to install/open/use the 'openpond' CLI, run git commands, read/modify .git/config (tokenize origin temporarily), and rely on ~/.openpond/cache.json for cached credentials. These actions are within the functional scope (managing repos/deployments) but they involve reading/modifying local git config and persisting API tokens — sensitive operations that the metadata did not advertise.
Install Mechanism
This is an instruction-only skill (no install spec), so nothing is written by the registry itself. The SKILL.md instructs users/agents to run 'npm i -g openpond-code' or use 'npx'. That delegates installation to npm at runtime — lower risk from the registry, but you must vet the npm package (supply chain risk).
Credentials
Metadata lists no required environment variables, yet SKILL.md documents optional/expected vars (OPENPOND_API_KEY, OPENPOND_BASE_URL, etc.) and shows non-interactive login via an API key. Requesting and caching API keys is reasonable for this CLI, but the omission from declared requirements reduces transparency and increases the chance of accidental credential exposure.
Persistence & Privilege
always:false and autonomous invocation are default and acceptable. The SKILL.md does indicate persistent state: a cache file at ~/.openpond/cache.json and temporary changes to .git/config during tokenized pushes. These are expected for a CLI that authenticates and pushes code, but they do create persistent tokens and modify local repo config.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openpond-cli - 安装完成后,直接呼叫该 Skill 的名称或使用
/openpond-cli触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
openpond-cli v0.1.1
- Initial release of OpenPond CLI workflows.
- Create and manage OpenPond repositories from the command line, including interactive and non-interactive login.
- Support for pushing code to repos, watching deployments, and managing tools without the web UI.
- Account-level commands to list apps, run tools, view performance, and create agents.
- OpenTool passthrough commands available via `npx`.
- Configurable via environment variables and supports caching.
元数据
常见问题
Openpond Cli 是什么?
Use the OpenPond CLI to create repos, watch deployments, and run tools without the web UI. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 738 次。
如何安装 Openpond Cli?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openpond-cli」即可一键安装,无需额外配置。
Openpond Cli 是免费的吗?
是的,Openpond Cli 完全免费(开源免费),可自由下载、安装和使用。
Openpond Cli 支持哪些平台?
Openpond Cli 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Openpond Cli?
由 glucrypto(@glucrypto)开发并维护,当前版本 v0.1.1。
推荐 Skills