← 返回 Skills 市场
Partycraft
作者
bytesagain-lab
· GitHub ↗
· v2.0.1
· MIT-0
421
总下载
0
收藏
1
当前安装
10
版本数
在 OpenClaw 中安装
/install partycraft
功能描述
Plan events with budgets, guest lists, and timelines. Use when organizing weddings, coordinating birthdays, managing vendors, drafting invitations.
安全使用建议
This skill appears coherent and only stores data locally in ~/.partycraft/events.json. Before installing, confirm you are comfortable storing event details unencrypted in your home directory and that python3/bash are available. If you want stronger privacy, back up or encrypt the ~/.partycraft directory. If you see any unexpected network activity after running the skill, stop and investigate, but none is present in the source.
功能分析
Type: OpenClaw Skill
Name: partycraft
Version: 2.0.1
The skill bundle contains a critical Python injection vulnerability in `scripts/script.sh`. Shell variables (such as event names, dates, and task descriptions) are directly embedded into Python heredocs without sanitization, allowing for arbitrary Python code execution (RCE) via crafted inputs. While the tool's logic for event planning appears legitimate and there is no evidence of intentional data exfiltration or backdoors, the insecure implementation of data handling poses a significant security risk.
能力评估
Purpose & Capability
Name/description (event planning) match the delivered functionality: a CLI that creates events, budgets, tasks, guests, timelines, and checklist templates. The only required runtimes (bash, python3) are appropriate and documented.
Instruction Scope
SKILL.md and the included script limit actions to local operations (printing to stdout and reading/writing ~/.partycraft/events.json). There are no instructions to read unrelated system files, access network endpoints, or exfiltrate data. The documentation and script are consistent.
Install Mechanism
No install spec or remote downloads are used; the skill is instruction-only with a bundled script. That minimizes installation risk.
Credentials
The skill requests no environment variables or credentials. It writes only to a single directory in the user's home (~/.partycraft), which is proportionate to storing user event data. Users should note their event data is stored unencrypted on disk.
Persistence & Privilege
The skill is not always-enabled and does not attempt to modify other skills or agent-wide configuration. Autonomous invocation is allowed by platform default but the skill itself does not request elevated persistence or system-wide changes.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install partycraft - 安装完成后,直接呼叫该 Skill 的名称或使用
/partycraft触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.1
update
v2.0.0
v2.5 standard: Use-when desc, homepage, source, security fix
v1.0.7
yaml-fix+quality
v1.0.6
yaml-fix+quality
v1.0.5
Quality upgrade
v1.0.4
Quality upgrade: custom functionality
v1.0.3
De-template, unique content, script cleanup
v1.0.2
Quality fix: cleaner docs, removed flags
v1.0.1
Quality improvement: better docs, examples, cleaner text
v1.0.0
Initial release
元数据
常见问题
Partycraft 是什么?
Plan events with budgets, guest lists, and timelines. Use when organizing weddings, coordinating birthdays, managing vendors, drafting invitations. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 421 次。
如何安装 Partycraft?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install partycraft」即可一键安装,无需额外配置。
Partycraft 是免费的吗?
是的,Partycraft 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Partycraft 支持哪些平台?
Partycraft 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Partycraft?
由 bytesagain-lab(@bytesagain-lab)开发并维护,当前版本 v2.0.1。
推荐 Skills