
Safepaste

Author: rocanome · GitHub ↗ · v2.3.0
cross-platform ⚠ suspicious
Total downloads: 406
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install safepaste
Description
Check any OpenClaw prompt, config snippet, or tip against YOUR actual setup before applying it. Auto-detects pasted prompts, analyzes compatibility, shows ex...
Security usage recommendations
SafePaste's goal (checking pasted prompts/configs against your actual OpenClaw setup) is coherent and it requests no credentials or external installs — that's good. However: (1) review the full SKILL.md/README yourself before installing — the package contains a detected prompt-injection pattern ('ignore-previous-instructions') which is suspicious; it may be malicious content embedded as an example or it may attempt to change model behavior. (2) Confirm exactly which local paths the skill will read and where backups are stored (e.g., ~/.openclaw backups), and test in a disposable workspace first. (3) Require the skill to prompt for explicit, human confirmation before applying any changes (never allow silent apply), and prefer using the 'analyze only' flow initially. (4) If you use model escalation, ensure you trust the model switch and cost implications; don't grant the skill any extra credentials. If you want higher assurance, ask the maintainer for the authoritative source code or run the skill in a sandboxed agent first.
Functional analysis
Type: OpenClaw Skill
Name: safepaste
Version: 2.3.0

The skill is classified as suspicious due to its reliance on high-risk capabilities, including direct execution of shell commands (`mkdir`, `cp`, `ls`, `clawhub install`) and instructions that leverage prompt injection techniques against the agent itself. While these capabilities are plausibly needed for the skill's stated purpose of configuration analysis, backup, rollback, and safe skill installation, they represent a significant attack surface. Specifically, the `clawhub install` command, though intended for safe skill management, allows the agent to install new software. Additionally, the instructions for the agent to 'Use everything you know about this user from your conversations, workspace files, and active projects' are a form of prompt injection, even if intended for benign personalization. The skill does, however, explicitly instruct the agent to detect and warn against malicious prompt injection and data exfiltration attempts, which is a strong defensive measure.
Capability assessment
Purpose & Capability
Name and description match what the SKILL.md asks the agent to do: read local OpenClaw files (AGENTS.md, SOUL.md, installed skills, cron/model config), analyze pasted content for conflicts, show diffs, and optionally apply changes with backups/rollback. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
The instructions require the agent to scan incoming messages (auto-detection), read multiple local config/workspace files, create backups, and potentially apply/modify user files. That generally fits the purpose, but the SKILL.md itself contains a prompt-injection pattern (pre-scan flagged 'ignore-previous-instructions'), which is suspicious because a helper that inspects pastes should not embed commands meant to override model behavior. The auto-detection/watch behavior also increases the surface for accidental scanning of unrelated content — the skill should be explicit about trigger boundaries and require user confirmation before acting.
Install Mechanism
No install spec or code files are present (instruction-only). This minimizes supply-chain risk because nothing is downloaded or written by an installer. The README and SKILL.md include a 'clawhub install safepaste' suggestion, but no automated install artifacts are provided in the package being evaluated.
Credentials
The skill requests no environment variables, credentials, or external endpoints. It does read local files and stores usage in ~/.openclaw/safepaste-state.json per README — these local accesses are proportionate for a tool that audits and applies local config changes, but users should verify exactly which filesystem paths will be read/written and where backups are stored.
Persistence & Privilege
The skill is not 'always: true' and is user-invocable. However, it describes an auto-detection/watching behavior for incoming messages which implies ongoing monitoring by the agent; that is a behavioral privilege (automatic scanning of chat content). This is not automatically disallowed, but you should ensure the skill asks for explicit consent before applying changes and that auto-watch can be disabled.
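How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install safepaste
  3. Once installation completes, call the Skill by name or trigger it with /safepaste
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history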
v2.3.0
SafePaste v2.3.0 Changelog
- Expanded and clarified SKILL.md documentation with detailed installation, usage instructions, and agent behavior guidelines.
- Enhanced list and explanation of trigger/interaction commands for user analysis, action, exploration, and rollback.
- Detailed "What It Checks" matrix added to explain SafePaste’s compatibility analysis across config types.
- Strengthened agent instructions for model escalation, auto-detection signals, backup requirements, and confidence logic.
- Clarified messaging and scenarios for auto-detecting config snippets, including when to offer analysis.
- Updated metadata: homepage and OpenClaw integration information included.
Metadata
Slug safepaste
Version 2.3.0
License
Total installs 0
Current installs 0
Number of historical versions 1
FAQ

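What is Safepaste?

Check any OpenClaw prompt, config snippet, or tip against YOUR actual setup before applying it. Auto-detects pasted prompts, analyzes compatibility, shows ex... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 406 total downloads so far.

How do I install Safepaste?

Run the command "/install safepaste" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.

Is Safepaste free?

Yes, Safepaste is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Safepaste support?

Safepaste runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Safepaste?

Developed and maintained by rocanome (@rocanome); the current version is v2.3.0.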
