← 返回 Skills 市场
stevenobiajulu

Safe

作者 Steven Obiajulu · GitHub ↗ · v0.2.0 · MIT-0
cross-platform ✓ 安全检测通过
162
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install safe
功能描述
Draft and fill Y Combinator SAFE templates — valuation cap, discount, MFN, pro rata side letter. Standard startup fundraising documents for convertible equit...
安全使用建议
This skill appears coherent for filling SAFE templates, but pay attention to two operational risks before using it: (1) Remote MCP will send sensitive fundraising fields (company name, investor name, purchase amount, valuation cap, state, etc.) to openagreements.ai—confirm the user consents and validate the service's authenticity and privacy policy. (2) If you use the Local CLI path, ensure the agent or operator strictly implements the documented sanitization rules (output filename regex, reject shell metacharacters and control characters, use a quoted heredoc, and pin the npm package version) and be aware of potential /tmp symlink/TOCTOU issues; consider using a secure, unique temp file per invocation rather than a fixed path. Also always review the generated SAFE before signing, pin the CLI version as recommended, and verify the open-agreements npm package and its source prior to installation.
功能分析
Type: OpenClaw Skill Name: safe Version: 0.2.0 The 'safe' skill provides a structured workflow for generating Y Combinator SAFE documents via a remote MCP or local CLI. It demonstrates a strong security posture by providing the agent with explicit shell command sanitization rules (e.g., regex for filenames, quoted heredocs, and metacharacter rejection) in SKILL.md and template-filling-execution.md to prevent RCE. It also transparently discloses that the remote MCP path sends data to openagreements.ai and includes instructions to treat third-party template data as untrusted, effectively mitigating prompt injection risks.
能力标签
cryptocan-make-purchases
能力评估
Purpose & Capability
Name/description match what the skill does: produce filled SAFE DOCX files via a hosted MCP or an optional local CLI. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
The SKILL.md stays within purpose but delegates critical safety responsibilities (shell-parameter sanitization, rejecting control characters, output filename validation, and user confirmation before sending values to the hosted service) to the agent or operator. It also mandates a fixed temp path (/tmp/oa-values.json) and invoking the local CLI, which are reasonable for the task but require correct implementation by the runner to avoid command-injection or TOCTOU/symlink risks.
Install Mechanism
This is an instruction-only skill with no install spec. It recommends either a hosted MCP (openagreements.ai) or installing the public npm package open-agreements; both are plausible and proportional. No arbitrary downloads or extract operations are specified.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The only data it transmits (when using Remote MCP) are the template field values required to fill SAFEs—this is consistent with the stated purpose, and the skill explicitly asks for user consent before sending such data.
Persistence & Privilege
always is false and the skill does not request persistent presence or modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not combined with elevated privileges or broad credential access.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install safe
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /safe 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.0
Fix: populate version field
v0.2.1
Add inline trust-boundary, shell-safety, and hosted Remote MCP disclosure guidance for ClawHub review.
元数据
Slug safe
版本 0.2.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

Safe 是什么?

Draft and fill Y Combinator SAFE templates — valuation cap, discount, MFN, pro rata side letter. Standard startup fundraising documents for convertible equit... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 162 次。

如何安装 Safe?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install safe」即可一键安装,无需额外配置。

Safe 是免费的吗?

是的,Safe 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Safe 支持哪些平台?

Safe 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Safe?

由 Steven Obiajulu(@stevenobiajulu)开发并维护,当前版本 v0.2.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论