← 返回 Skills 市场
Ppe
作者
bytesagain3
· GitHub ↗
· v1.0.0
· MIT-0
131
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install ppe
功能描述
Personal protective equipment tracker. Use when json ppe tasks, csv ppe tasks, checking ppe status.
安全使用建议
This skill is a simple local CLI implemented in bash and appears to be what it claims. Before installing, note: (1) data is stored unencrypted by default under ~/.ppe (or PPE_DIR if set) — back up or move it if needed and avoid using on shared systems if entries are sensitive; (2) the script runs locally and makes no network calls; (3) you can inspect scripts/script.sh yourself (it's short and readable) before running; (4) the script uses simple line-based JSON parsing (fragile for complex values) and sed -i/grep behaviors that may differ on BSD/macOS vs Linux — test on your platform. If you want stronger isolation, run it in a container or inspect/modify the script to suit your policies.
功能分析
Type: OpenClaw Skill
Name: ppe
Version: 1.0.0
The skill implements a local PPE tracker but contains a command injection vulnerability in `scripts/script.sh` within the `cmd_config` function. Specifically, user-provided keys and values are passed unsanitized to a `sed -i` command, which could allow for arbitrary file manipulation or, on systems with GNU sed, remote code execution (RCE) via the `e` flag. While the tool's behavior aligns with its stated purpose, the lack of input validation in a shell script environment is a significant security flaw.
能力评估
Purpose & Capability
Name/description align with the included script. The script implements add/list/search/remove/export/stats/config operations for PPE entries and stores them in a local data directory (PPE_DIR or ~/.ppe). There are no unrelated capabilities requested.
Instruction Scope
SKILL.md simply delegates to scripts/script.sh for commands. The script reads/writes only files under the configured data directory and the config file there; it does not access other system paths, environment variables (beyond optional PPE_DIR), or external endpoints.
Install Mechanism
There is no install spec and the repository includes a single bash script (scripts/script.sh). Nothing is downloaded or extracted from external URLs during runtime.
Credentials
No required environment variables or credentials are declared. The only environment use is an optional PPE_DIR to override the default data directory, which is appropriate for a local CLI tool.
Persistence & Privilege
always is false and the skill does not request permanent elevated presence. The script writes only to its own data directory and config file; it doesn't modify other skills or system-wide agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ppe - 安装完成后,直接呼叫该 Skill 的名称或使用
/ppe触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
publish v1.0.0
元数据
常见问题
Ppe 是什么?
Personal protective equipment tracker. Use when json ppe tasks, csv ppe tasks, checking ppe status. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 131 次。
如何安装 Ppe?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ppe」即可一键安装,无需额外配置。
Ppe 是免费的吗?
是的,Ppe 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Ppe 支持哪些平台?
Ppe 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Ppe?
由 bytesagain3(@bytesagain3)开发并维护,当前版本 v1.0.0。
推荐 Skills