← 返回 Skills 市场

Raon OS

Name: Raon OS
Author: lifeissea

作者 Tomas · GitHub ↗ · v0.7.28 · MIT-0

cross-platform ⚠ suspicious

822

总下载

当前安装

版本数

在 OpenClaw 中安装

/install raon-os

功能描述

AI-powered startup companion for Korean founders. Evaluate business plans, match government funding programs (TIPS/DeepTech/Global TIPS), connect with 3,972+...

安全使用建议

This skill appears to do what it says (business-plan evaluation, government program crawlers, RAG, local REST API). Before installing or running it, consider: 1) Secrets: it recommends storing LLM API keys in ~/.openclaw/.env — ensure that file is protected (chmod 600) or keep keys in a secure vault; 2) Local server exposure: by default it runs an HTTP server (port 8400) and includes instructions for ngrok and installing a service — do not expose the server to the public without reviewing server.py, admin endpoints, and adding proper firewall/reverse-proxy protections; 3) Persistence: the skill writes data under eval_data/ and history files and may append to JSONL files; if you are concerned about sensitive PDFs or PII, run it in an isolated environment or container and inspect parse/evaluate scripts first; 4) Review install-service.sh and any systemd/service scripts before using them; 5) Allowed-domain fetch: the crawlers fetch public government sites and the code documents an allowlist for realtime fetches — if you plan to expose the server to third parties, verify the is_allowed_url() logic in server/rag_pipeline to ensure arbitrary outbound fetches are blocked; 6) Test code note: the repo includes test fixtures (conftest.py) that mock authentication for tests — this is normal for tests but ensure you are not running the test harness in production mode. If any of these behaviors are unacceptable, run the skill in a sandbox or review/modify the code before use.

功能分析

Type: OpenClaw Skill Name: raon-os Version: 0.7.28 The raon-os skill is a comprehensive startup assistant designed to evaluate business plans, match government funding, and provide valuation estimates. It implements a RAG (Retrieval-Augmented Generation) pipeline using various LLM providers (Gemini, OpenAI, OpenRouter) and includes a local HTTP API server (server.py) to power a web widget. Security-conscious features are present, such as SSRF protection via domain whitelisting, input sanitization to mitigate prompt injection, and restricting administrative API endpoints to localhost. The network activities, including crawling government sites and communicating with LLM APIs, are transparently documented and aligned with the skill's stated purpose.

能力评估

✓ Purpose & Capability

Name/description (startup companion, biz-plan evaluation, gov-funding matching, Kakao integration, RAG pipeline, crawlers) align with included files (evaluation scripts, crawlers, rag_pipeline, server, kakao webhook helpers, widget). Required bins (python3, node) are appropriate: python drives core logic and node provides a thin CLI wrapper. No bizarre or unrelated credentials/binaries are requested.

ℹ Instruction Scope

SKILL.md instructs running local server (default port 8400), CLI scripts (raon.sh), and crawlers that fetch public government sites; it also specifies storing LLM API keys in ~/.openclaw/.env and running evaluate scripts on PDF content. These instructions stay within the declared purpose, but they do instruct the agent to read/write local files (eval_data/, ~/.openclaw/.env, history.jsonl) and to make outbound HTTP requests to public sites. The skill also suggests using install-service.sh and exposing endpoints via ngrok — actions that increase network exposure and should be reviewed by the user before execution.

✓ Install Mechanism

No external download/install step in registry metadata (instruction-only install). The package includes source files bundled with the skill; there is no installer that fetches remote archives. That is lower risk than remote downloads. The bundle does include a script that can install a system service (install-service.sh mentioned in README) — review that script before running.

ℹ Credentials

SKILL.md documents optional LLM API keys (GEMINI/OPENROUTER/ANTHROPIC/OPENAI) and optional SaaS/Supabase variables for managed mode or feedback storage. Those environment variables are coherent with the described LLM and persistence features. The skill does recommend storing API keys in ~/.openclaw/.env (chmod 600 suggested) — this is expected but worth noting because secrets are persisted to disk. No unrelated credentials (AWS, SSH, etc.) are requested by default.

ℹ Persistence & Privilege

The skill does not request always:true and uses default autonomous invocation behavior. It will run a local HTTP server, create and append to local data files (eval_data/*.jsonl, history.jsonl, ~/.openclaw/.env), and the README mentions installing a system service. These behaviors are consistent with a local agent/toolset but do mean the skill will persist data and open network endpoints if you run the server or the install-service script — review those steps and firewall settings before exposing anything publicly. The SKILL.md includes sensible cautions (admin API restricted to localhost, advice to block /api/keys/* via nginx/firewall).

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install raon-os
安装完成后，直接呼叫该 Skill 的名称或使用 /raon-os 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.7.28

Auto-sync 2026-03-28

v0.7.27

test

v0.7.26

Fix: include raon.sh CLI wrapper, add security/data-flow docs, address review findings

v0.7.25

Security: sanitize all placeholder keys in SKILL.md

v0.7.24

Security: exclude test files, supabase_client, agentic_rag from package

v0.7.23

security: bandit Medium=0 High=0 (# nosec suppression + kakao_webhook.py try-block fix)

v0.7.22

이름 수정: SKILL.md name 필드 슬러그별 고유명으로 변경

v0.7.21

보안패치 v0.7.21: SSRF 도메인 화이트리스트(RAON_API_URL/SUPABASE_URL), 프롬프트 인젝션 방어 추가

v0.7.20

보안패치: localhost auth bypass 제거, 카카오 웹훅 서명 미설정 시 거부 (VirusTotal 지적 해결)

v0.7.19

이름 수정: 슬러그별 고유 이름 부여

v0.7.18

보안패치: 위험 스크립트(launchctl/subprocess) 완전 제거, 클린 25파일

v0.7.17

보안패치: subprocess/launchctl 스크립트 배포 제외

v0.7.16

보안 패치: launchctl 스크립트 배포 제외

v0.7.15

fix: eval_data excluded from npm package, size 143KB (was 2MB+)

v0.7.14

Re-scan: VirusTotal cache refresh (code identical to startup-agent v0.7.13)

v0.7.13

semver 통일 (0.7.x), 보안패치, 피드백 파이프라인

v0.7.12

Version 0.7.12 - No file changes detected; this release is functionally identical to version 0.7.10. - Documentation and metadata remain unchanged from previous release.

v2026.2.23

security: launchctl 분리(install-service.sh), URL SSRF 화이트리스트, admin API localhost 제한

v0.7.10

Remove all hardcoded paths, add chmod 600 guidance, security improvements

v0.7.9

Fix: declared node+python3 requires, expanded security notes, chmod 600 guidance

元数据

Slug raon-os

版本 0.7.28

许可证 MIT-0

累计安装 2

当前安装数 2

历史版本数 23

常见问题

Raon OS 是什么？

AI-powered startup companion for Korean founders. Evaluate business plans, match government funding programs (TIPS/DeepTech/Global TIPS), connect with 3,972+... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 822 次。

如何安装 Raon OS？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install raon-os」即可一键安装，无需额外配置。

Raon OS 是免费的吗？

是的，Raon OS 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Raon OS 支持哪些平台？

Raon OS 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Raon OS？

由 Tomas（@lifeissea）开发并维护，当前版本 v0.7.28。