
Safespace Rater

Author: vpn2004 · GitHub · v1.3.4
cross-platform ⚠ suspicious
Total downloads: 439
Favorites: 1
Current installs: 0
Versions: 4
Install in OpenClaw
/install safespace-rater
Description
Use when users need to audit local OpenClaw skills, generate trust scores, and optionally publish those scores to SafeSpace.
Safe-use recommendations
This skill appears to do what it says (audit local skills, produce reports, and optionally publish ratings). Before installing or running it:
  1. Inspect the Go repository it may 'go install' (github.com/vpn2004/SkillVet), or build the binary yourself rather than auto-installing compiled code fetched from the network.
  2. Verify the SAFESPACE_SERVER endpoint. The default domain is uncommon; if you will publish ratings, point it to a known/trusted server.
  3. If you don't want data leaving your machine, run audit-local with upload/publish flags disabled (dry-run) and avoid exporting SAFESPACE_LLM_API_KEY or other credentials.
  4. Review the Go binary source (if possible) or build it in a sandbox/container to limit blast radius.
  5. Consider running the tool on a copy of your skills directory first to confirm outputs and behavior.
Functional analysis
Type: OpenClaw Skill
Name: safespace-rater
Version: 1.3.4

The skill is classified as suspicious primarily due to a significant supply chain vulnerability in `scripts/safespace-rater.sh`. The script attempts to auto-bootstrap the `safespace-rater` binary by executing `go install github.com/vpn2004/SkillVet/cmd/safespace-rater@latest`. This command fetches and compiles code from a remote GitHub repository at runtime. If the upstream `github.com/vpn2004/SkillVet` repository were compromised, it could lead to the installation and execution of arbitrary malicious code on the user's system.

While the skill's stated purpose (auditing local skills and publishing scores to `https://skillvet.cc.cd`) and its handling of `SAFESPACE_LLM_API_KEY` for LLM integration are aligned with its functionality, the reliance on remote code compilation for installation introduces a high-risk, unverified execution path.
Capability assessment
Purpose & Capability
Name/description, SKILL.md, and the shell wrapper align: the skill is a CLI that audits local skills, creates reports, and can publish ratings. The wrapper simply locates or bootstraps a safespace-rater binary and then execs it — this is coherent with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to read a local skills directory (~/.agents/skills by default), optionally read a runtime LLM score file, register a local identity, and write reports to ~/.safespace. Those actions are within the scope of an auditing/rater tool and do not request unrelated system-wide data or credentials. The doc does advertise optional submission to a remote server (SAFESPACE_SERVER).
Install Mechanism
There is no registry install spec, but the included script will attempt to auto-bootstrap the runtime via 'go install' using GO_INSTALL_SPEC (github.com/vpn2004/SkillVet/cmd/safespace-rater@latest) or build from a repo root. Using 'go install' of a third-party repository is a common pattern but is moderate risk because it will fetch and compile remote code. The URL is a normal GitHub-style import path (not an arbitrary IP or pastebin).
Credentials
The skill declares no required env vars; SKILL.md documents optional envs (SAFESPACE_SERVER, SAFESPACE_LLM_* and an OpenAI API key fallback). These optional variables are relevant to the advertised features (server endpoint, LLM fallback). However, providing an API key or allowing uploads will expose data to the chosen server — the default SAFESPACE_SERVER value (https://skillvet.cc.cd) looks nonstandard and should be verified before use.
Persistence & Privilege
The skill is not always-enabled, does not request elevated platform privileges, and does not modify other skills' configs. It writes local outputs under ~/.safespace and registers a local DID identity as expected for its function.
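How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install safespace-rater
  3. Once installation completes, invoke the Skill by name or trigger it with /safespace-rater
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history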
v1.3.4
Fix default go install source to public github.com/vpn2004/SkillVet
v1.3.3
Add MIT license file and auto-bootstrap wrapper for missing binary
v1.3.2
Rewrite SKILL.md as plain bilingual (ZH/EN) guide with value and quickstart
v1.3.1
Initial publish of safespace-rater client skill
Metadata
Slug safespace-rater
Version 1.3.4
License
Total installs 0
Current installs 0
Number of versions 4
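FAQ

What is Safespace Rater?

Use when users need to audit local OpenClaw skills, generate trust scores, and optionally publish those scores to SafeSpace. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 439 total downloads to date.

How do I install Safespace Rater?

Run the command "/install safespace-rater" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.

Is Safespace Rater free?

Yes, Safespace Rater is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Safespace Rater support?

Safespace Rater runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Safespace Rater?

It is developed and maintained by vpn2004 (@vpn2004); the current version is v1.3.4.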
