Osop Review
Author: Archie0125 · GitHub ↗ · v1.2.0 · MIT-0
Total downloads: 100
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install osop-review
Description
Review .osop/.osoplog for security risks, permission gaps, and destructive commands
Safe usage recommendations
This skill appears to do what it says (analyze .osop/.osoplog contents) but asks for access to ~/.osop/config.yaml and declares bash as required without justifying either. Before installing or running it:
- Ask the skill author why ~/.osop/config.yaml is required and what data from it will be read. If the skill needs config context, it should state that in SKILL.md and explain exactly what keys are used.
- Confirm whether the skill will actually read the config path or only the argument file. If uncertain, run the skill on a copy of your .osop/.osoplog in a sandbox or with a wrapper that prevents reading ~/.osop.
- Verify the bash requirement: if the skill is purely a file analyzer, it shouldn't need a shell binary. Prefer a skill that lists only the minimal dependencies.
- When running, avoid supplying real secrets or production logs; test first with redacted samples.
If the author updates SKILL.md to explicitly explain the use of ~/.osop/config.yaml (or removes that requirement) and documents any shell commands it runs, the assessment would likely move to benign. If the skill actually reads the config for tokens or other secrets without clearly declaring that, treat it as high-risk and do not install.
Functional analysis
Type: OpenClaw Skill
Name: osop-review
Version: 1.2.0
The skill bundle contains instructions for an AI agent to perform security audits on OSOP workflow (.osop) and log (.osoplog.yaml) files. It specifically directs the agent to identify high-risk commands (e.g., 'rm -rf'), hardcoded secrets (e.g., GitHub tokens), and missing security controls like approval gates or timeouts. There is no executable code or evidence of malicious intent; the instructions are purely defensive and aligned with the stated purpose of security reviewing.
Capability assessment
Purpose & Capability
The skill claims to review .osop/.osoplog files for security issues — that matches the SKILL.md instructions. However the registry metadata requires access to ~/.osop/config.yaml and the bash binary even though the runtime instructions only say to read the provided target file and do an analysis. The config file requirement is not explained in the instructions and could grant access to unrelated persistent configuration or credentials.
Instruction Scope
SKILL.md instructions are narrowly scoped to: read the argument file (.osop or .osoplog), detect risky nodes/commands/secrets, compute a risk score, and present findings. The instructions do not tell the agent to read other files or environment variables, nor to transmit data externally.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest-risk install profile. Nothing is written to disk by an installer.
Credentials
No environment variables or credentials are requested (good). But the declared required config path (~/.osop/config.yaml) is not referenced in SKILL.md. Requesting a user config file without explaining why is disproportionate: that file could contain tokens or global settings unrelated to the single-file review.
Persistence & Privilege
The skill is not always-enabled and does not request persistent privileges. It is user-invocable and allows model invocation (normal). There is no evidence it modifies other skills or system-wide settings.
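How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install osop-review
- Once installation completes, call the Skill by name or use /osop-review to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output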
Version history
v1.2.0
Initial ClawHub release — OSOP security & risk analyzer
FAQ
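What is Osop Review?
Review .osop/.osoplog for security risks, permission gaps, and destructive commands. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 100 total downloads so far.
How do I install Osop Review?
Run the command "/install osop-review" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.
Is Osop Review free?
Yes, Osop Review is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does Osop Review support?
Osop Review is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Osop Review?
It is developed and maintained by Archie0125 (@archie0125); the current version is v1.2.0.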