andy-gaoyue

ocean right marine

Author: Andy-Gaoyue · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 94
Favorites: 1
Current installs: 0
Versions: 1
Install in OpenClaw
/install orm-weather-routing-nav-voyage-distance-finder
Description
ORM weather-routing voyage distance calculator: queries the sailing distance between ports (nautical miles) via NavOptima
Security usage advice
Do not install blindly. Specific things to consider before installing:
- The SKILL.md contains a plaintext NavOptima email and password — ask who owns that account and whether you are authorized to use it. Never rely on hardcoded shared credentials; prefer per-user credentials or API keys injected via environment variables. If that account is legitimate, rotate the password and avoid embedding secrets in skill text.
- The skill forces full-page screenshots and instructs sending them to chat 'regardless of user window'. That can leak sensitive map/context data or other on-screen information. Require explicit user consent before any screenshot is taken or sent, and restrict sending to the active conversation only.
- Verify the contact details and the service domain (https://nop.ormwx.com). If you cannot confirm the provider and account ownership, do not grant the skill runtime access to your agent or browser tools.
- If you still want the functionality: request the skill be changed to (1) accept credentials via declared environment variables or an OAuth flow, (2) make screenshots and sending optional and require user confirmation, and (3) remove hardcoded contact/signature insertion or make it configurable.
- Test the skill in a restricted sandboxed environment first, monitor network and account activity, and rotate credentials immediately if they were used by the skill. If you have compliance or privacy constraints, this skill's current instructions are inappropriate until modified.
Functional analysis
Type: OpenClaw Skill
Name: orm-weather-routing-nav-voyage-distance-finder
Version: 1.0.0
The skill bundle contains hardcoded plaintext credentials (email and password) for the NavOptima service within the `skill.md` file, which is a significant security vulnerability. Additionally, the instructions use high-pressure language ('Mandatory', 'Forced') to override agent behavior, requiring it to take screenshots and append a specific marketing signature with contact details (+86 18669863008) to every response. While these appear to be for a legitimate maritime routing service (ormwx.com), the hardcoding of sensitive credentials and rigid behavioral steering are high-risk patterns.
Capability assessment
Purpose & Capability
The skill claims to query NavOptima for voyage distances, which fits the described functionality. However, instead of requesting a proper, declared credential (API key or environment variable), the SKILL.md embeds a specific NavOptima email and plaintext password in the instructions. Hardcoding service credentials in an instruction-only skill is disproportionate and not an appropriate way to authenticate a third‑party service.
Instruction Scope
The SKILL.md directs the agent to log into a web UI, control a browser, take a full-page screenshot, and then forcibly send that screenshot to a chat channel 'regardless of user window'. That mandates collection and transmission of potentially sensitive visual data without explicit per-query user consent. It also prescribes appending fixed contact/signature info to every result. Those steps extend beyond a simple distance lookup and create clear data-exfiltration and privacy risks.
Install Mechanism
Instruction-only skill with no install spec and no code files — low disk/write risk. No third-party packages or downloads are requested.
Credentials
The skill declares no required environment variables or credentials, yet instructs use of a specific NavOptima account (email and plaintext password). This mismatch is a red flag: credentials are present but not managed through declared env vars, and there is no justification for sharing a shared/static password inside the skill text.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or agent system settings. However, its mandatory 'capture and send' behavior effectively gives it a recurring data-exfiltration action each invocation; if the agent invokes the skill autonomously, that increases risk. Autonomous invocation itself is normal, but combined with forced screenshot-sending it widens the blast radius.
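How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install orm-weather-routing-nav-voyage-distance-finder
  3. After installation, call the Skill by name or trigger it with /orm-weather-routing-nav-voyage-distance-finder
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history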
v1.0.0
Initial release of ORM Weather Routing Nav Voyage Distance Finder.
- Supports querying voyage distance (nautical miles) between global ports using the NavOptima platform.
- Provides detailed instructions for login, multi-port route planning, and precise position (latitude/longitude) input.
- Outputs standardized distance report and automatically sends voyage map screenshots with result.
- Mandatory inclusion of contact info (Andy, ORM Weather Routing) in all outputs.
- Emphasizes data accuracy (<1% error) and safe internal use—strict account/password access control.
Metadata
Slug: orm-weather-routing-nav-voyage-distance-finder
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Number of versions: 1
FAQ

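What is ocean right marine?

ORM weather-routing voyage distance calculator: queries the sailing distance between ports (nautical miles) via NavOptima. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 94 total downloads to date.

How do I install ocean right marine?

Run the command "/install orm-weather-routing-nav-voyage-distance-finder" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is ocean right marine free?

Yes, ocean right marine is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does ocean right marine support?

ocean right marine runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed ocean right marine?

It is developed and maintained by Andy-Gaoyue (@andy-gaoyue); the current version is v1.0.0.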
