← 返回 Skills 市场
ngm9

Samvida

作者 Naman Muley · GitHub ↗ · v0.3.3
cross-platform ⚠ suspicious
466
总下载
0
收藏
0
当前安装
8
版本数
在 OpenClaw 中安装
/install samvida
功能描述
Generate an agentic contract (llms.txt) for any business website. Crawls the site, fills gaps conversationally, and produces a structured agent-optimized llm...
安全使用建议
Samvida appears to do what it says, but keep these practical cautions in mind before installing or running it: - Data exposure: the crawler extracts raw page text, emails, and other contact details and sends that content to your configured OpenClaw LLM for generation. Do not use it on sites containing sensitive or private information unless you accept that those page contents will be processed by your LLM provider. - Internal/host-reachability risk: the crawler will fetch any URL you (or the agent) provide. If the agent runs in an environment that can reach internal/private hosts, you could accidentally cause the skill to crawl internal services. Only provide URLs you intend to be crawled. - Deploy credentials: Cloudflare/Webflow tokens are requested only at deploy time and appear to be used directly to call provider APIs. Before giving a token, verify its scope and only grant the minimum necessary permissions (e.g., Workers Scripts: Edit for Cloudflare). Double-check the worker JS payload that will be uploaded if you choose to deploy. - Environment assumptions: the skill assumes a Python virtualenv at ~/.virtualenvs/samvida and an OpenClaw workspace path (~/.openclaw/workspace/samvida). If your environment differs, the provided CLI examples will fail; create the venv or adjust paths as needed. - Review outputs before publishing: the generated llms.txt may include extracted personal emails/names and any user-provided conversational answers. Inspect the draft and the final file before deploying it to a public domain. If you want tighter safety: test the skill on a non-sensitive public site first, confirm the /tmp files and worker script contents locally, and restrict deploy tokens to minimal scopes or use temporary sandbox accounts for initial runs.
功能分析
Type: OpenClaw Skill Name: samvida Version: 0.3.3 The skill's core functionality (crawling, generating, and deploying llms.txt) appears legitimate. However, the SKILL.md instructions repeatedly direct the OpenClaw agent to execute shell commands with user-provided inputs (e.g., `{url}`, `{token}`, `{domain}`) without explicit sanitization. This introduces a significant shell injection vulnerability (Remote Code Execution risk) in SKILL.md during both the crawl and deploy phases, as a malicious user could potentially inject arbitrary commands into the shell execution.
能力评估
Purpose & Capability
Name/description (generate llms.txt for a site) matches the included crawler and deploy scripts and the conversational gap-fill flow. The optional Cloudflare/Webflow/Framer deploy paths and credentials are appropriate for the stated 'deploy' feature.
Instruction Scope
Runtime instructions tell the agent to run the included crawl.py and deploy.py, write/read temporary files in /tmp, and send crawled page text to the configured OpenClaw LLM for generation. This is expected for the task, but it means the skill will extract emails/names/raw page text and surface them to the LLM — a privacy consideration.
Install Mechanism
Instruction-only install (no external download) and bundled Python scripts only require standard Python packages (httpx, beautifulsoup4). The package.json insists on a specific virtualenv path (~/.virtualenvs/samvida) and workspace paths (~/.openclaw/workspace/...), which is brittle but not malicious.
Credentials
No environment vars are forced at install time. Deployment paths optionally request Cloudflare/Webflow/GitHub tokens — these are proportional to the deploy feature and declared in metadata as prompted at runtime and not persisted. There are no unrelated credentials requested.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and does not modify other skills. Deploy operations require explicit user action ('deploy') and external credentials. There is no indication the skill auto-persists credentials.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install samvida
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /samvida 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.3.3
fix: remove ANTHROPIC_API_KEY from registry metadata — skill uses OpenClaw configured LLM; clarify deploy credentials are optional and never persisted; add data handling disclosure
v0.3.2
fix: populate registry-level _meta.json with env vars, credentials, and data handling declaration — resolves scanner mismatch between registry and package.json
v0.3.1
fix: declare all runtime requirements, env vars, and credentials in package.json — resolves ClawHub security governance flags
v0.3.0
Add compliance and reviews sections: auto-detect certifications (SOC2, ISO27001, GDPR, HIPAA) and third-party ratings (G2, ProductHunt, Trustpilot, Gartner) for agent trust signals
v0.2.2
Webflow deploy (Assets API + Redirects API + Publish), Framer instructions with 3 options (static file / redirect rule / Cloudflare Worker), AEO-optimized llms.txt (prose block, FAQs section, described links everywhere), updated spec and README
v0.2.1
CMS detection: identifies Framer, Webflow, Squarespace, Shopify, Ghost, WordPress. When Worker loses to CMS origin, gives platform-specific update instructions instead of silent failure.
v0.2.0
Phase 2: deploy generated llms.txt live via Cloudflare Workers. Warns before overwriting existing llms.txt, handles route conflicts, retries verification.
v0.1.0
Initial release. Crawl any business website and generate an agent-optimized llms.txt (agentic contract) with Team, Clients & Testimonials, For Agents sections. Two-pass crawl: fast heuristic draft + deep LLM-extraction mode.
元数据
Slug samvida
版本 0.3.3
许可证
累计安装 0
当前安装数 0
历史版本数 8
常见问题

Samvida 是什么?

Generate an agentic contract (llms.txt) for any business website. Crawls the site, fills gaps conversationally, and produces a structured agent-optimized llm... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 466 次。

如何安装 Samvida?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install samvida」即可一键安装,无需额外配置。

Samvida 是免费的吗?

是的,Samvida 完全免费(开源免费),可自由下载、安装和使用。

Samvida 支持哪些平台?

Samvida 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Samvida?

由 Naman Muley(@ngm9)开发并维护,当前版本 v0.3.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论