← 返回 Skills 市场
oozoofrog

Osori

作者 oozoofrog · GitHub ↗ · v1.6.1
darwinlinux ⚠ suspicious
944
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install osori
功能描述
Osori v1.6.1 — Local project registry & context loader with Telegram slash commands. Registry versioning + auto-migration + root filters + root management +...
安全使用建议
This skill appears coherent for managing a local project registry. Before installing: 1) Inspect registry_lib.py and telegram-commands.sh (bundled) to confirm there are no unexpected network endpoints or secrets being sent; those files implement core behavior. 2) Be aware it will read/scan filesystem paths and write a registry under $HOME/.openclaw by default — if you want a different location set OSORI_REGISTRY first. 3) The 'gh' CLI and optional 'entire' CLI will operate with whatever credentials/config you already have for those tools (the skill does not request separate tokens but will invoke them), so ensure your gh/entire configs are trusted. 4) Run /doctor without --fix first to preview changes; backups (.bak/.broken) are created when modifications occur. If you want higher assurance, provide the full contents of registry_lib.py and telegram-commands.sh for a targeted review — absence of those would lower confidence.
功能分析
Type: OpenClaw Skill Name: osori Version: 1.6.1 The OpenClaw AgentSkills bundle 'osori' contains shell injection vulnerabilities in `scripts/find_handler.py` and `scripts/switch_handler.py`. User-controlled input (project names) is directly embedded into `mdfind` and `find` commands using f-strings, without proper escaping. This allows an attacker to register a project with a crafted name (e.g., `foo" -exec /bin/sh -c "echo pwned`) and execute arbitrary commands on the host system when the `/find` or `/switch` commands are invoked. While this is a critical vulnerability, there is no evidence of intentional malicious behavior (e.g., data exfiltration, persistence, or backdoors) within the provided code, classifying it as 'suspicious' rather than 'malicious'.
能力评估
Purpose & Capability
Name/description (local registry, search, switch, Telegram commands) match the actual files and required binaries. The skill legitimately needs python3, git and gh for JSON handling, repo detection and GitHub counts; optional 'entire' usage is documented and only required for /entire-* commands.
Instruction Scope
SKILL.md and scripts perform filesystem discovery (mdfind/find), read/write a registry file under $HOME/.openclaw by default, call 'gh' and optionally 'entire', and run project-local commands when switching. These are in-scope for a registry/context loader, but they do grant the skill the ability to scan arbitrary paths and execute CLIs in project directories — review expectations and ensure you trust those CLIs and your registry contents.
Install Mechanism
No remote download/install spec is present (instruction-only skill with bundled scripts). The package includes shell and Python scripts that will be executed locally; nothing is fetched from unknown URLs during install.
Credentials
The skill declares no required env vars but honors optional variables (OSORI_REGISTRY, OSORI_SEARCH_PATHS, OSORI_CACHE_FILE, OSORI_CACHE_TTL). It relies on existing gh/entire CLI config for network access (these use the user's credentials/config). This is expected, but be aware 'gh' uses your GitHub auth and 'entire' interacts with an external service — no additional unrelated secrets are requested by the skill itself.
Persistence & Privilege
Does not request always:true or global agent changes. It writes its own registry (default $HOME/.openclaw/osori.json), creates backups, and uses atomic replace/rollback — behavior is contained to its own files and documented. Allowing autonomous invocation is the platform default and not a specific additional privilege here.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install osori
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /osori 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.6.1
v1.6.1 — Code quality release: inline Python extraction, gh_count consolidation, doctor plan-driven fix. 148 tests.
v1.1.0
Switch default language to English, keep Korean triggers
v1.0.0
Initial release: project registry, scan, add, switch, TDD tests
元数据
Slug osori
版本 1.6.1
许可证
累计安装 1
当前安装数 1
历史版本数 3
常见问题

Osori 是什么?

Osori v1.6.1 — Local project registry & context loader with Telegram slash commands. Registry versioning + auto-migration + root filters + root management +... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 944 次。

如何安装 Osori?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install osori」即可一键安装,无需额外配置。

Osori 是免费的吗?

是的,Osori 完全免费(开源免费),可自由下载、安装和使用。

Osori 支持哪些平台?

Osori 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux)。

谁开发了 Osori?

由 oozoofrog(@oozoofrog)开发并维护,当前版本 v1.6.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论