← 返回 Skills 市场
redis-tools
作者
bytesagain4
· GitHub ↗
· v1.0.0
· MIT-0
103
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install redis-tools
功能描述
Lookup Redis commands by category, test Redis server connections, and monitor database key counts and memory usage, with offline cheatsheet support.
安全使用建议
This skill appears coherent: it provides a local Bash cheatsheet and a script that uses redis-cli to test and monitor Redis instances. Before installing or running it: (1) open and read scripts/script.sh in full to confirm there are no hidden network calls (curl/netcat) or external endpoints; (2) do not supply production credentials or passwords unless you trust the script and its source—prefer testing against a local/dev Redis instance first; (3) if you are concerned about the agent initiating network activity autonomously, keep disable-model-invocation or agent autonomous invocation settings restricted; (4) run the script in a sandbox / non-privileged environment if possible. If you want, paste the full script here and I can scan it for risky patterns (egress calls, data exfiltration attempts).
功能分析
Type: OpenClaw Skill
Name: redis-tools
Version: 1.0.0
The script `scripts/script.sh` contains a shell injection vulnerability in the `do_test` and `do_monitor` functions. It constructs a command string (`RCMD`) using unvalidated input variables (`host`, `port`, `pass`) and executes it via subshell expansion (`$($RCMD ...)`), which allows arbitrary command execution if malicious arguments are provided. While the tool's stated purpose is benign (Redis management), this architectural flaw poses a security risk.
能力评估
Purpose & Capability
Name/description (Redis cheatsheet, connection test, monitor) align with what is provided: a Bash script that displays command references and can call redis-cli for tests/monitoring. No unrelated env vars, binaries or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to run the included script with host/port/password arguments. That scope is consistent with the stated purpose. Caution: the runtime instructs network connections to user-specified Redis endpoints (expected), and running the provided script will execute code from the skill bundle—review the script for any unexpected behavior (external network calls, uploads) before providing credentials.
Install Mechanism
No install spec; this is an instruction-only skill with an included Bash script. Nothing is downloaded or written to disk by an installer step.
Credentials
The skill declares no environment variables, no credentials, and no config paths. The only sensitive input is an optional Redis password passed as an argument (documented). There are no unexplained secret requests.
Persistence & Privilege
always is false and the skill does not request persistent or system-wide privileges. The skill can be invoked autonomously by the agent (default), which is normal; consider disabling autonomous invocation if you do not want the agent to initiate network tests on its own.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install redis-tools - 安装完成后,直接呼叫该 Skill 的名称或使用
/redis-tools触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
redis-tools 是什么?
Lookup Redis commands by category, test Redis server connections, and monitor database key counts and memory usage, with offline cheatsheet support. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 103 次。
如何安装 redis-tools?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install redis-tools」即可一键安装,无需额外配置。
redis-tools 是免费的吗?
是的,redis-tools 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
redis-tools 支持哪些平台?
redis-tools 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 redis-tools?
由 bytesagain4(@xueyetianya)开发并维护,当前版本 v1.0.0。
推荐 Skills