← 返回 Skills 市场
Service Catalog
作者
charlie-morrison
· GitHub ↗
· v1.0.0
· MIT-0
53
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install service-catalog
功能描述
Auto-discover and catalog all services in a codebase or organization — scan Dockerfiles, docker-compose, Kubernetes manifests, package.json, systemd units, P...
安全使用建议
This skill mostly does what it says: it scans a codebase for service artifacts and builds a catalog. Before installing or running it: (1) be aware it reads many repository files and may surface secrets or private endpoints — run it in a trusted or isolated checkout if you have sensitive data; (2) the SKILL.md uses tools like python3 and rg (ripgrep) but the skill doesn't declare required binaries — ensure those tools are present and consider adding them to a vetted runtime rather than installing unknown packages; (3) the description mentions 'organization' scanning but the commands are local to the workspace — don't expect it to reach into external repos or org-level services unless you explicitly provide those checkouts; (4) review where the skill will write or transmit its output (not specified) and avoid piping results to external endpoints unless you trust them. If you want to proceed, test on a non-sensitive repository and confirm outputs are limited to local files or agent UI before running on production codebases.
功能分析
Type: OpenClaw Skill
Name: service-catalog
Version: 1.0.0
The skill bundle contains multiple shell injection vulnerabilities in the `SKILL.md` file, specifically within the `discover` and `owners` commands where file paths found by `find` are directly interpolated into `python3 -c` command strings. While the tool's functionality for service discovery and dependency mapping is clearly defined and legitimate, these vulnerabilities allow for potential arbitrary code execution if the agent processes a repository containing maliciously named files. Additionally, the tool performs broad searches for sensitive configuration keys like `DATABASE_URL` and `REDIS_URL` and pings local endpoints, which are high-risk behaviors albeit aligned with the stated purpose of infrastructure cataloging.
能力评估
Purpose & Capability
The name and description (auto-discover services in a codebase) align with the SKILL.md commands, which search Dockerfiles, manifests, package.json, etc. However, the description also promises organization-wide discovery while the provided commands only operate on the local workspace; that mismatch could mislead users about what this skill actually does. Also the SKILL.md uses tools (python3, rg/ripgrep, find, xargs, grep) but the skill declares no required binaries—an omission that reduces transparency.
Instruction Scope
Instructions perform broad filesystem and repo scanning (find/grep/rg across many file types), look for environment-variable patterns (DATABASE_URL, REDIS_URL, etc.) and extract URLs and health endpoints. This is consistent with the stated cataloging goal, but it will read arbitrary repository files and may surface secrets, credentials, or private endpoints if present. The SKILL.md does not instruct sending results out-of-band, but it also doesn't constrain output handling or where the generated catalog is stored, so users should be aware of sensitive data exposure risk.
Install Mechanism
Instruction-only skill with no install spec or downloaded code — low install risk. However, it relies on external CLI tools (python3, rg/ripgrep, find, xargs, grep) without declaring them; that is a transparency/documentation gap rather than an installation vector risk.
Credentials
No environment variables, credentials, or config paths are requested. The SKILL.md does search for common environment variable names and config files within the repo (to infer dependencies), which is reasonable for the purpose and proportionate to the stated task.
Persistence & Privilege
always:false and no install-time persistence are used. The skill is user-invocable and can be invoked autonomously by the agent (platform default), which is expected. The skill does not request elevated system-wide modifications or change other skills' configurations.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install service-catalog - 安装完成后,直接呼叫该 Skill 的名称或使用
/service-catalog触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of service-catalog: auto-discover and catalog all services in your codebase or organization.
- Scan Dockerfiles, docker-compose, Kubernetes manifests, systemd units, Procfiles, and common project files (Node.js, Python, Go) to find services.
- Generate a detailed, living service catalog with names, types, tech stack info, owners, dependencies, health checks, and documentation links.
- Map service-to-service dependencies, detect circular dependencies, single points of failure, and orphaned services.
- Check the health of services using Docker, systemd, and detected health endpoints.
- Report service ownership based on CODEOWNERS and code metadata.
元数据
常见问题
Service Catalog 是什么?
Auto-discover and catalog all services in a codebase or organization — scan Dockerfiles, docker-compose, Kubernetes manifests, package.json, systemd units, P... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 53 次。
如何安装 Service Catalog?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install service-catalog」即可一键安装,无需额外配置。
Service Catalog 是免费的吗?
是的,Service Catalog 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Service Catalog 支持哪些平台?
Service Catalog 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Service Catalog?
由 charlie-morrison(@charlie-morrison)开发并维护,当前版本 v1.0.0。
推荐 Skills