← 返回 Skills 市场
plsreadme
作者
FacundoLucci
· GitHub ↗
· v0.4.0
775
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install plsreadme
功能描述
Share markdown files and text as clean, readable web links via plsreadme.com. Use when someone asks to share a document, README, PRD, proposal, notes, or any markdown as a shareable link. Also triggers for "create a preview link", "share this as a page", or "make this readable". Requires the plsreadme MCP server (npx plsreadme-mcp).
安全使用建议
This skill does what it promises (publish markdown as public links) but exercise caution before installing or running it:
- Verify the service and npm package: there is no homepage or repo in the skill metadata, and the README suggests running 'npx -y plsreadme-mcp' (npx will download and execute code from the npm registry). Inspect the package/source on npm or GitHub before running npx.
- Prefer the remote MCP URL only if you trust plsreadme.com; understand that uploaded content becomes a permanent public URL.
- Confirm with users before uploading any files or pasted text that may contain secrets or private information.
- If you must use npx, consider running it in a restricted environment or inspecting the package contents first rather than using '-y' to auto-accept.
If you can obtain the package repository or a verified homepage for plsreadme, re-run evaluation — that evidence would raise confidence and could change the verdict to benign.
功能分析
Type: OpenClaw Skill
Name: plsreadme
Version: 0.4.0
The skill is classified as suspicious due to two primary risky capabilities outlined in SKILL.md. Firstly, it instructs the agent to execute an external Node.js package (`npx -y plsreadme-mcp`), which introduces a supply chain risk as the integrity of the `plsreadme-mcp` package cannot be guaranteed. Secondly, the `plsreadme_share_file` tool explicitly states it 'Reads from disk', granting the agent the capability to access local files. While the skill includes a positive instruction to 'confirm with the user before sharing sensitive content' to mitigate prompt injection risks, the underlying capabilities for arbitrary code execution and local file access represent significant vulnerabilities if the agent is compromised or the external package is malicious.
能力评估
Purpose & Capability
Name/description align with the runtime instructions: the skill reads markdown (or accepts text) and publishes a public link via plsreadme.com. No unrelated credentials, binaries, or paths are requested.
Instruction Scope
SKILL.md explicitly instructs the agent to read local .md files and upload them to the plsreadme service (or accept text). That is consistent with the purpose, but it involves reading arbitrary files and transmitting their contents to an external, public endpoint — so the agent must confirm with the user before sharing sensitive content (the doc even notes links are public).
Install Mechanism
There is no formal install spec, but the README recommends 'npx -y plsreadme-mcp' which will fetch and execute code from the npm registry at runtime. npx executes remote packages (supply-chain risk). The alternative is a remote MCP URL (https://plsreadme.com/mcp), which means content and metadata will be sent to that external service. No homepage, repository, or package provenance is provided to validate the npm package or remote endpoint.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate to its stated task. However, the effective capability (read local files + upload to public site) can expose sensitive data if used without caution.
Persistence & Privilege
The skill does not request always:true or any elevated/persistent platform privileges. It's user-invocable and can be invoked autonomously per platform default, which increases impact if combined with external execution, but autonomy alone is not a new risk here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install plsreadme - 安装完成后,直接呼叫该 Skill 的名称或使用
/plsreadme触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.4.0
Share any content as clean readable web links. Supports markdown and plain text with auto-structuring. Includes refactor-and-share prompt for AI-powered formatting.
元数据
常见问题
plsreadme 是什么?
Share markdown files and text as clean, readable web links via plsreadme.com. Use when someone asks to share a document, README, PRD, proposal, notes, or any markdown as a shareable link. Also triggers for "create a preview link", "share this as a page", or "make this readable". Requires the plsreadme MCP server (npx plsreadme-mcp). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 775 次。
如何安装 plsreadme?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install plsreadme」即可一键安装,无需额外配置。
plsreadme 是免费的吗?
是的,plsreadme 完全免费(开源免费),可自由下载、安装和使用。
plsreadme 支持哪些平台?
plsreadme 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 plsreadme?
由 FacundoLucci(@facundolucci)开发并维护,当前版本 v0.4.0。
推荐 Skills