← 返回 Skills 市场
project-explorer-skill
作者
zhanggroot7
· GitHub ↗
· v1.0.0
· MIT-0
79
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install project-explorer
功能描述
Explores unfamiliar GitHub projects, installs and runs them, analyzes architecture, and generates comprehensive documentation guides
安全使用建议
This skill is coherent in purpose but has meaningful gaps and gives the agent broad discretion to run untrusted code. Before installing or using it: 1) Require the agent to ask for explicit permission before cloning, installing, or executing anything. 2) Run any dynamic execution in an isolated sandbox/container or a disposable VM, not on your primary machine. 3) Never provide sensitive credentials; remove or sanitize .env files and avoid sharing secrets. 4) Prefer that the skill perform static analysis first and only run code after you review the exact commands. 5) Ask the skill author to declare required binaries/runtimes and to add explicit safety checks and confirmation prompts. If you cannot guarantee sandboxing or safe handling of secrets, use the skill for read-only analysis (file inspection, architecture mapping) rather than actually installing/running third-party projects.
功能分析
Type: OpenClaw Skill
Name: project-explorer
Version: 1.0.0
The skill bundle, specifically in skill.md, instructs the AI agent to clone arbitrary GitHub repositories, install their dependencies, and execute the code on the user's machine to 'explore' them. This design creates a high risk of Remote Code Execution (RCE) and makes the agent vulnerable to indirect prompt injection or malware contained within the target repositories. While the stated intent is educational, the instruction to run untrusted code without sandboxing or safety constraints is a significant security risk.
能力评估
Purpose & Capability
The name/description matches the runtime instructions (explore, run, and document repos). However, the skill declares no required binaries, env vars, or config paths while telling the agent to 'clone or download', 'install dependencies', and 'run the project' — actions that realistically require git, network access, language runtimes, package managers, Docker, etc. Not declaring these dependencies is an incoherence: either the skill cannot actually perform its stated tasks, or it assumes privileges/tools that it should have declared.
Instruction Scope
SKILL.md instructs the agent to fetch repositories, install dependencies, run projects, execute tests, and 'figure out' missing setup steps. Those directions give the agent broad discretion to execute arbitrary code from untrusted sources and to modify the user's environment. The instructions do not constrain when the agent must ask for user confirmation nor do they limit execution to safe, sandboxed environments. The guidance is open‑ended ('figure them out') which increases risk and scope creep.
Install Mechanism
This is an instruction‑only skill with no install spec and no code files, so it does not place new artifacts on disk via an installer. That reduces installation risk. The remaining risk comes from the runtime actions the instructions require (cloning and running third‑party projects).
Credentials
The skill lists no required environment variables or credentials, but its workflow explicitly includes discovering and using project-specific configuration and 'Environment variables or config needed'. Running arbitrary projects frequently requires secrets (API keys, DB credentials, cloud access) stored in env files or system variables. The lack of any declared env requirements or guidance about handling secrets is a mismatch and could lead to accidental exposure or misuse of the user's credentials.
Persistence & Privilege
The skill does not request always:true and is user-invocable (normal). Autonomous invocation is allowed by platform default. Because the skill's runtime behavior includes executing arbitrary third-party code, autonomous invocation combined with that broad execution capability increases potential blast radius — a note for the user but not alone sufficient to declare maliciousness.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install project-explorer - 安装完成后,直接呼叫该 Skill 的名称或使用
/project-explorer触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of Project Explorer: an energetic guide for exploring and documenting unfamiliar GitHub projects.
- Automates setup: fetches, installs, and runs provided repositories or technologies.
- Analyzes architecture: explores project structure, dependencies, and main workflows.
- Generates beginner-friendly, comprehensive markdown documentation guides.
- Provides troubleshooting help, workflow examples, and practical tips.
- Encourages users to request deeper dives into any area of interest.
元数据
常见问题
project-explorer-skill 是什么?
Explores unfamiliar GitHub projects, installs and runs them, analyzes architecture, and generates comprehensive documentation guides. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 79 次。
如何安装 project-explorer-skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install project-explorer」即可一键安装,无需额外配置。
project-explorer-skill 是免费的吗?
是的,project-explorer-skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
project-explorer-skill 支持哪些平台?
project-explorer-skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 project-explorer-skill?
由 zhanggroot7(@zhanggroot7)开发并维护,当前版本 v1.0.0。
推荐 Skills