← 返回 Skills 市场
70
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install scripting-utils
功能描述
Universal scripting utilities supporting 8+ languages (Bash, PowerShell, Python, Perl/Raku, JavaScript, Tcl), IRC bot frameworks (pbot, Limnoria), system man...
安全使用建议
This skill has useful-sounding functionality, but the bundle is internally inconsistent and may not work as-is. Before installing: (1) ask the author how external tools are provided (shellcheck, pylint, eslint, pwsh, raku, node) and whether the runtime will install or require them on PATH; (2) ask how WebSearch is implemented (which endpoints, whether it uses an API key, and where fetched data is sent/stored); (3) verify the relative dependency "../json-utils" — confirm that dependency will be available or published; (4) review the actual script source (scripts/*.py) for any hard-coded remote endpoints or credential access; and (5) prefer a skill with a proper install spec or a published dependency chain and a homepage/maintainer contact. If you must try it, run in a restricted/sandboxed environment and inspect network activity and what local files it reads/writes.
功能分析
Type: OpenClaw Skill
Name: scripting-utils
Version: 1.0.0
The bundle provides high-risk system management and script validation capabilities that could be leveraged for privilege escalation or arbitrary code execution. Specifically, 'scripts/system_manager.py' contains logic to generate commands for privileged operations such as adding users to the sudoers group ('usermod -aG sudo'), modifying firewall rules, and installing packages. Additionally, 'scripts/language_validator.py' uses 'subprocess.run' to execute external compilers and linters for multiple languages. While these features are consistent with the stated purpose of 'scripting utilities,' they represent a significant attack surface if the agent is manipulated via prompt injection. The inclusion of large scraped documentation files (e.g., 'references/pbot/Applets.md') further increases the risk of hidden instructions or indirect injection.
能力评估
Purpose & Capability
SKILL.md describes syntax validation and linting across many languages (shellcheck, pylint/mypy, perlcritic, eslint, pwsh/PSScriptAnalyzer, raku, node, tcl) and WebSearch-driven documentation fetches. The skill's registry metadata lists no required binaries or credentials — this is inconsistent because the described functionality requires many external tools (shellcheck, node, python tooling, pwsh, raku, etc.) and likely network access. The package.json also lists a relative dependency ("../json-utils") which is not a normal published dependency and appears to assume a particular repository layout.
Instruction Scope
The SKILL.md instructs the agent to validate scripts, fetch documentation from web sources (e.g., Microsoft docs, GitHub) and to perform batch validation and schema-based JSON validation. Those actions imply network access and the ability to read local files/directories (batch validation, schema files like github_api_schema.json). The instructions do not explicitly limit which local files or system state to read, nor do they document what WebSearch endpoints or rate limits are used. That gives the skill broad discretion unless the implementation imposes constraints.
Install Mechanism
There is no install spec (instruction-only), but the bundle contains code files and package.json. package.json sets "main": "SKILL.md" and a dependency "../json-utils" (a relative path) — this is atypical and will fail in standard package installs. The absence of an install mechanism for dependencies and native tools (e.g., shellcheck, pylint) is inconsistent with the skill's claimed runtime needs.
Credentials
The skill requests no environment variables or credentials in metadata, which is proportionate for general linting; however, its WebSearch and API-validation features imply network calls but no declared API keys or endpoints. The unexplained relative dependency on ../json-utils suggests it expects local repository layout or shared credentials/config outside the skill manifest.
Persistence & Privilege
The skill does not request always: true and uses default model-invocation settings. It does not declare config paths or persistent privileges. No indicators that it will alter other skills or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install scripting-utils - 安装完成后,直接呼叫该 Skill 的名称或使用
/scripting-utils触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release – universal scripting utilities for 8+ languages, IRC bots, system management, and WebSearch.
- Validates and lints Bash, sh, Python, Perl, Raku, PowerShell, JavaScript, Tcl scripts.
- Integrates with pbot, Limnoria, and Eggdrop IRC bot frameworks for command syntax checks.
- Abstracts systemd, package, service, and networking management for Ubuntu and CentOS.
- Includes automatic WebSearch integration for language docs and API references.
- Provides modules for syntax validation, code generation, script conversion, batch processing, and JSON/API response validation.
元数据
常见问题
Scripting Utils 是什么?
Universal scripting utilities supporting 8+ languages (Bash, PowerShell, Python, Perl/Raku, JavaScript, Tcl), IRC bot frameworks (pbot, Limnoria), system man... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 70 次。
如何安装 Scripting Utils?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install scripting-utils」即可一键安装,无需额外配置。
Scripting Utils 是免费的吗?
是的,Scripting Utils 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Scripting Utils 支持哪些平台?
Scripting Utils 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Scripting Utils?
由 KikiKari(@kikikari)开发并维护,当前版本 v1.0.0。
推荐 Skills