← 返回 Skills 市场

Quote/0

Name: Quote/0
Author: yangguangzhou

作者 Jerry Zhou · GitHub ↗ · v1.0.4

cross-platform ⚠ suspicious

653

总下载

当前安装

版本数

在 OpenClaw 中安装

/install quote0

功能描述

Control MindReset Dot Quote/0 through the local quote0.js script and Dot Developer Platform APIs. Use when the user asks to configure Quote/0, push text/imag...

安全使用建议

This skill appears internally consistent and implements exactly what it claims: a Node CLI that calls the Dot Open API using your DOT_API_KEY and DOT_DEVICE_ID. Before installing/using it: - Only provide the API key and device id you intend to use. Prefer the single-command (--apiKey) or temporary env methods the SKILL.md recommends rather than persisting keys in shell rc files. - Do not pass sensitive local file paths to --imageFile; the script will read and upload whatever path you supply. Avoid pointing it at private keys, configuration files, or other secrets. - The CLI communicates over HTTPS to https://dot.mindreset.tech; trustworthiness of that service is outside this review. If you don't trust the service, do not supply real credentials. - If you want extra caution, review quote0.js locally (it is short and readable) before running. You can also create an API key with limited scope or revoke it later if needed. Confidence in this assessment is high because the source code and instructions are present, readable, and align with the declared purpose.

功能分析

Type: OpenClaw Skill Name: quote0 Version: 1.0.4 The skill is designed to interact with a specific API, and the `quote0.js` script primarily performs its stated function. However, the `image` command in `quote0.js` allows reading any local file specified by `--imageFile` and uploading its base64 content to the remote API. While the script includes strict validation to ensure the file is a PNG (checking both extension and magic bytes), this still represents a risky capability. An AI agent could potentially be prompted to upload a sensitive PNG file (e.g., a screenshot containing confidential information) from an arbitrary location on the filesystem. The `SKILL.md` file explicitly warns against passing sensitive file paths to `--imageFile`, acknowledging this potential risk, which contributes to the 'suspicious' classification rather than 'benign' due to the inherent data leakage risk if misused.

能力评估

✓ Purpose & Capability

Name/description, SKILL.md, package.json, and quote0.js all consistently implement a CLI that calls dot.mindreset.tech Open APIs to list devices, push text/images, and query status. Required binaries (node) and env vars (DOT_API_KEY, DOT_DEVICE_ID) match the described functionality.

✓ Instruction Scope

Runtime instructions limit actions to running the local quote0.js CLI and supplying API key/device id. The script only reads the filesystem when the user explicitly passes --imageFile (it verifies PNG magic and size). The SKILL.md warns not to point --imageFile at sensitive paths. There are no instructions to read other system files, shell history, or unrelated environment variables.

✓ Install Mechanism

This is an instruction-only skill with included source files and no install spec or network downloads. Nothing is written to disk by an installer step and no external archives or third-party packages are pulled during install.

✓ Credentials

The skill requests only DOT_API_KEY and DOT_DEVICE_ID (primaryEnv DOT_API_KEY). Those are the exact credentials needed to authenticate to the documented API endpoints; no unrelated secrets or system credentials are requested.

✓ Persistence & Privilege

always is false and the skill does not request or modify other skills or system-wide agent settings. disable-model-invocation is default (agent may invoke autonomously) — this is normal and not combined with other risky flags here.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install quote0
安装完成后，直接呼叫该 Skill 的名称或使用 /quote0 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.4

Add openclaw metadata (requires.env + primaryEnv) to align registry credential/env declarations

v1.0.3

Harden image upload: remove bypass flag, require PNG extension+magic, add 5MB limit

v1.0.2

Declare required env vars in metadata; wording update in SKILL.md

v1.0.1

Security hardening + cross-platform docs + remove absolute path leakage

v1.0.0

Initial public release: full Dot Open API support (text/image/devices/status/next/list), env-based credential config, and first-time setup guide.

元数据

Slug quote0

版本 1.0.4

许可证 —

累计安装 0

当前安装数 0

历史版本数 5

常见问题

Quote/0 是什么？

Control MindReset Dot Quote/0 through the local quote0.js script and Dot Developer Platform APIs. Use when the user asks to configure Quote/0, push text/imag... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 653 次。

如何安装 Quote/0？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install quote0」即可一键安装，无需额外配置。

Quote/0 是免费的吗？

是的，Quote/0 完全免费（开源免费），可自由下载、安装和使用。

Quote/0 支持哪些平台？

Quote/0 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Quote/0？

由 Jerry Zhou（@yangguangzhou）开发并维护，当前版本 v1.0.4。