← 返回 Skills 市场
Random Thought
作者
Jeremy Knows
· GitHub ↗
· v1.0.0
· MIT-0
288
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install random-thought
功能描述
Autonomous workspace reflection engine. Picks a random file from a configurable corpus, writes a reflective observation about what's unresolved, half-finishe...
安全使用建议
This skill is internally consistent and does what it says: it scans your workspace (respecting exclude patterns), selects files, and writes reflections and digests into the workspace. Before installing or scheduling it: (1) review and customize random-thought.config.json to ensure sensitive paths (keys, credentials, .env, private data) are excluded; (2) note that the skill will create a history file (default .random-thought-history) and output directory (default random-thought-output) in the workspace; (3) if you enable cron/autonomous runs, consider running a manual writer invocation first to confirm behavior; (4) if you plan to have the agent post to external systems, verify how that integration is configured — the skill mentions posting but provides no built-in external-channel config or credential handling. If you want an extra safety step, run the scripts locally in a disposable workspace copy to observe selected files and outputs before giving the agent autonomous access.
功能分析
Type: OpenClaw Skill
Name: random-thought
Version: 1.0.0
The skill contains shell-to-python injection vulnerabilities in `scripts/corpus-pick.sh` and `scripts/freshness-gate.sh` where workspace paths and configuration values (e.g., `$HISTORY_PATH`, `$ABS_FILE`) are interpolated directly into `python3 -c` command strings without sanitization. While the tool's behavior is aligned with its stated purpose of autonomous workspace reflection and includes a robust list of sensitive file exclusions (e.g., `.env`, `.key`, `.pem`), these implementation flaws could allow for arbitrary code execution if an attacker can influence the workspace environment. The recommended use of `cron` for periodic autonomous operation further elevates the risk profile of these vulnerabilities.
能力评估
Purpose & Capability
Name/description match the actual artifacts: two bash scripts implement file selection and freshness tracking, SKILL.md describes Writer/Curator behavior, and the file I/O requested is consistent with producing reflections and digests. No unrelated credentials, binaries, or network endpoints are required by the package.
Instruction Scope
Instructions explicitly tell the agent to read selected workspace files (up to configured limits), write reflections, and synthesize digests — this is consistent with purpose. SKILL.md mentions 'deliver the output (post to configured channel, write to file, or return to caller)' but there is no built-in channel/integration config or required env vars; that is a vague area you should confirm (how your agent would post externally). The scripts themselves do not perform network I/O or read unrelated system credentials.
Install Mechanism
No install spec or remote downloads; the skill is instruction + local scripts only. It relies on standard tools (bash, find, python3). Nothing is fetched from arbitrary URLs or written outside the workspace.
Credentials
The skill declares no required environment variables or secrets, and the scripts operate using a JSON config in the workspace. The only notable capability is the configurable action tag 'agent-execute', which signals items that the agent could act on autonomously — this is a workflow design choice rather than a hidden credential requirement.
Persistence & Privilege
The skill does not request elevated privileges or force installation (always:false). It writes a history file and output files inside the workspace (configurable names/paths), which is expected for freshness tracking and digest output. It does not modify other skills or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install random-thought - 安装完成后,直接呼叫该 Skill 的名称或使用
/random-thought触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the autonomous workspace reflection engine.
- Introduces two main stages: Writer (hourly, file-based reflection) and Curator (periodic synthesis of patterns and actions).
- Configurable via `random-thought.config.json` for corpus selection, file freshness, action tags, and output formatting.
- Provides scripts for random file selection and freshness management.
- Supports both cron-driven automation and manual invocation for flexible setup.
- Outputs scannable digests highlighting actionable insights and recurring themes.
元数据
常见问题
Random Thought 是什么?
Autonomous workspace reflection engine. Picks a random file from a configurable corpus, writes a reflective observation about what's unresolved, half-finishe... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 288 次。
如何安装 Random Thought?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install random-thought」即可一键安装,无需额外配置。
Random Thought 是免费的吗?
是的,Random Thought 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Random Thought 支持哪些平台?
Random Thought 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Random Thought?
由 Jeremy Knows(@jeremyknows)开发并维护,当前版本 v1.0.0。
推荐 Skills