← 返回 Skills 市场
117
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install pre-publish-security-check
功能描述
Skill 发布前安全检查工具。在发布 skill 到 ClawHub 前,自动扫描敏感信息(API Key、Token、私钥、邮箱、手机号、精确坐标等)。Use before publishing any skill to prevent leaking private data.
安全使用建议
This appears to be a safe, local pre-publish scanner. Before using it: (1) review and, if needed, extend the regexes to match your expected key formats (the script's patterns are conservative and may miss or overmatch some cases); (2) run it locally or in CI on copies of skill directories—it does not send data anywhere; (3) be aware of false negatives (e.g., separate LNG/LAT assignments or uncommon email domains) and false positives; (4) ensure the script has the correct execution permissions and that you trust the skill source before running it on sensitive directories.
功能分析
Type: OpenClaw Skill
Name: pre-publish-security-check
Version: 1.0.0
The skill is a security utility designed to scan local directories for sensitive information (API keys, private keys, and PII) before publishing. The shell script (skill-pre-publish-check.sh) uses standard grep patterns to identify potential leaks and does not perform any network activity, data exfiltration, or unauthorized execution.
能力评估
Purpose & Capability
Name/description match the actual behavior: the skill is a pre-publish scanner and the shipped shell script implements pattern checks for API keys, private keys, emails, phones, and coordinates as advertised. No unrelated credentials, binaries, or services are requested.
Instruction Scope
Instructions and script operate only on the supplied skill directory and print findings; they do not read other system paths or send data externally. Note: some grep patterns and --include filters are narrow (e.g., coordinate pattern expects comma-separated values, email regex only matches several common domains), so it may produce false negatives/positives. The SKILL.md and script instruct running the local shell script only.
Install Mechanism
No install spec or remote downloads; this is instruction-only plus a single local shell script. No external packages or archives are fetched or written to disk beyond the provided files.
Credentials
The skill declares no required environment variables or credentials and the script does not read secrets or environment variables beyond the provided SKILL_DIR argument. There is no disproportionate credential access requested.
Persistence & Privilege
The skill is not forced-always, requests no persistent presence, and does not alter other skills or system configuration. It is user-invocable and runs only when invoked.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install pre-publish-security-check - 安装完成后,直接呼叫该 Skill 的名称或使用
/pre-publish-security-check触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
首次发布:Skill 发布前敏感信息扫描工具
元数据
常见问题
Pre-Publish Security Check 是什么?
Skill 发布前安全检查工具。在发布 skill 到 ClawHub 前,自动扫描敏感信息(API Key、Token、私钥、邮箱、手机号、精确坐标等)。Use before publishing any skill to prevent leaking private data. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 117 次。
如何安装 Pre-Publish Security Check?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install pre-publish-security-check」即可一键安装,无需额外配置。
Pre-Publish Security Check 是免费的吗?
是的,Pre-Publish Security Check 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Pre-Publish Security Check 支持哪些平台?
Pre-Publish Security Check 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Pre-Publish Security Check?
由 vlalamoon(@vlalamoon)开发并维护,当前版本 v1.0.0。
推荐 Skills