← 返回 Skills 市场
dashiming

PansClaw Code

作者 dashiming · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
87
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install pansclaw-code
功能描述
Use the PansClaw Code CLI (Rust reimplementation of Claude Code) for AI-assisted coding. Triggers when: user wants to run coding tasks via pansclaw code, del...
安全使用建议
This skill appears to be a local CLI wrapper for an AI coding assistant, but there are several red flags you should verify before installing or running it: - Provenance: The skill has no homepage or clear source. Prefer only installing tools from known repositories or vendor sites. Ask the publisher for the upstream repo or release URL. - Metadata mismatch: The registry lists no required env vars but the SKILL.md and references require MINIMAX_API_KEY, ANTHROPIC_API_KEY and (in places) OPENAI_API_KEY. Confirm which credentials are actually needed and why. - Absolute paths & user-specific files: The instructions and scripts reference /Users/dashi/... and ~/.openclaw-pansclaw/... which suggests the package was built for a specific machine. Inspect and adjust paths before running to avoid surprising file operations. - Dangerous permission flags: The skill and asset files enable 'danger-full-access' and encourage --dangerously-skip-permissions. Do not run with those flags unless you fully trust the binary and understand it can read/modify your workspace and manage agents. Prefer read-only or workspace-write permission modes and keep interactive permission prompts. - Inconsistent package names: The build targets differ across files (claw-cli vs rusty-claude-cli). Before building, open the Rust project to confirm the correct crate/package and review source code for unexpected network endpoints or commands. - Recommended steps if you want to try it safely: 1) Request the upstream repository or a signed release. Verify code before building. 2) Build in an isolated environment (container or disposable VM), do not run with --dangerously-skip-permissions there. 3) Inspect the built binary (strings, ldd, network activity) and run health checks (/doctor) in a sandbox. 4) Only provide cloud API keys that are scoped/minimized and revoke them if suspicious activity is observed. If you cannot obtain the upstream source or a trustworthy release, treat this skill as untrusted and avoid installing it on your primary machine.
功能分析
Type: OpenClaw Skill Name: pansclaw-code Version: 0.1.0 The skill bundle provides a local AI coding assistant ('Claw') but exhibits high-risk patterns. Most notably, SKILL.md and the usage examples explicitly instruct the agent to use the '--dangerously-skip-permissions' flag, which bypasses user confirmation for potentially destructive file and system operations. Furthermore, the build and installation scripts (build.sh, install.sh) contain hardcoded absolute paths to a specific user's home directory (/Users/dashi/), which is non-standard for portable skill bundles. While these behaviors align with the tool's stated purpose of automated coding, the lack of safety defaults and environment-specific hardcoding warrants a suspicious classification.
能力标签
requires-oauth-token
能力评估
Purpose & Capability
The skill claims to run a local 'PansClaw/Claw' CLI for coding (reasonable), and cloud fallbacks that legitimately need API keys. However the registry metadata declares no required env vars while the SKILL.md and references explicitly ask for MINIMAX_API_KEY, ANTHROPIC_API_KEY and OPENAI_API_KEY. That metadata mismatch (plus no homepage/origin) is incoherent and increases risk because the agent won't surface required credentials up-front.
Instruction Scope
Runtime instructions tell the agent to build local source (cargo build) from absolute user-specific paths (/Users/dashi/... and /Users/dashi/.openclaw-pansclaw/...), create symlinks into ~/.local/bin, and run the CLI with --dangerously-skip-permissions and a permission mode 'danger-full-access'. Those steps can give the CLI broad write/exec access to the workspace and bypass interactive permission checks; the skill also references many management commands (agents, skills, hooks, mcp) suggesting the CLI can modify/execute other components. The instructions do not limit what the CLI may do after being run.
Install Mechanism
There is no install spec (instruction-only), which minimizes remote code fetch risk. Included helper scripts perform local cargo builds and symlinks (no network downloads other than suggesting rustup). However there are inconsistencies in package names used across files (SKILL.md shows cargo -p claw-cli, scripts/quickstart/build use rusty-claude-cli, scripts use rusty-claude-cli), suggesting sloppy copy-paste or mismatched build targets that could cause unexpected behavior during build/install.
Credentials
The skill asks for multiple API keys (MINIMAX_API_KEY, ANTHROPIC_API_KEY, OPENAI_API_KEY) in the docs but the registry lists none — requiring multiple cloud credentials is not unreasonable for multi-provider support, but it should be declared. More importantly, the assets and examples enable 'danger-full-access' and --dangerously-skip-permissions which grant broad workspace access; that privilege is disproportionate unless the user explicitly consents and understands the risk.
Persistence & Privilege
The skill is not marked always:true and does not request system-level persistent privileges in the registry. It does, however, instruct creating a symlink into ~/.local/bin and running a CLI that can manage agents/skills; this grants persistent local tooling presence. That behavior can be normal for a CLI but combined with skip-permissions and missing provenance increases risk.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install pansclaw-code
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /pansclaw-code 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of pansclaw-code — a Rust reimplementation of the Claude Code CLI. - Provides a local AI-assisted coding CLI, supporting both local (Ollama) and remote (Minimax, Anthropic, OpenAI) models. - Automatically builds the binary if missing or outdated. - Detailed instructions for prerequisites, available models, usage patterns, and example commands. - Usage triggers and exclusions are clearly outlined for effective integration.
元数据
Slug pansclaw-code
版本 0.1.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

PansClaw Code 是什么?

Use the PansClaw Code CLI (Rust reimplementation of Claude Code) for AI-assisted coding. Triggers when: user wants to run coding tasks via pansclaw code, del... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 87 次。

如何安装 PansClaw Code?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install pansclaw-code」即可一键安装,无需额外配置。

PansClaw Code 是免费的吗?

是的,PansClaw Code 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

PansClaw Code 支持哪些平台?

PansClaw Code 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 PansClaw Code?

由 dashiming(@dashiming)开发并维护,当前版本 v0.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论