← 返回 Skills 市场
josephl37

Share use case

作者 josephl37 · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
1820
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install share-usecase
功能描述
Share your OpenClaw use case to clawusecase.com. Analyzes your recent work and creates a submission for the community.
安全使用建议
This skill appears to implement the advertised feature (draft + submit use cases) but you should be cautious before installing: - Expect the assistant to read recent conversation history to draft the submission — that may disclose private messages you don't want published. - The OAuth flow uses a Convex endpoint (config.convexUrl). Verify you trust that host (benevolent-tortoise-657.convex.cloud) because it is queried with the OAuth token and returns the credential JSON. - get-credential.js prints the full credential JSON to stdout and poll-credential.sh echoes it. That JSON could include access tokens or other sensitive fields even if the README promises only public profile data. Ask the publisher to confirm or change the code to only return and expose public profile fields (username/display name) and to redact access/refresh tokens. - Consider requiring explicit user consent before submitting content publicly and avoid automatically including full credential blobs in submissions or logs. Recommended actions before enabling: 1) Inspect or run the code in a sandbox to confirm what fields the Convex backend returns (does it include access tokens?). 2) Replace or modify get-credential.js/poll-credential.sh so they only surface the minimal profile fields (username/platform) and do not print/store tokens. 3) Verify the identity/trustworthiness of the convex host or change to a backend under clawusecase.com if you control that service. 4) Ensure the assistant requests explicit user approval prior to sending any content to the public site and that anonymous submission is easy to choose. If you cannot confirm the above, treat the skill as potentially leaking sensitive OAuth data and avoid installing it in environments with sensitive conversations or credentials.
功能分析
Type: OpenClaw Skill Name: share-usecase Version: 1.0.1 The skill is designed to share OpenClaw use cases, involving analysis of recent conversation history, OAuth for attribution, and submission to clawusecase.com. The primary concern lies in the `SKILL.md` file, which contains highly imperative instructions for the AI agent to execute shell commands (`node get-credential.js`) and actively monitor/parse their output in real-time. While the current scripts are benign and the parsing logic is specific to extracting OAuth credentials (username, platform), these strong prompt injection instructions for immediate command output processing represent a risky capability that could be exploited if the underlying scripts were compromised or designed to output arbitrary harmful instructions, even though no clear malicious intent is present in the current bundle.
能力评估
Purpose & Capability
Name, description, and included scripts align with submitting a use case to clawusecase.com. The presence of submit.js and normalize-tools.js is appropriate. However, config.json points to an external Convex host (benevolent-tortoise-657.convex.cloud) for OAuth token retrieval rather than a service under clawusecase.com; this is plausible but worth verifying (it means credentials are stored/queried from that third-party backend).
Instruction Scope
SKILL.md explicitly instructs the agent to scan recent conversation history (last 50–100 messages / past few hours) to build the draft — this is within the stated purpose but is broad and may surface private content. It also mandates synchronous, foreground polling and immediate messaging on OAuth completion, which is an implementation constraint that increases I/O frequency and visibility of credential material.
Install Mechanism
No install spec (instruction-only deployment) and the code files are small, plain Node/Bash scripts. There are no downloads from untrusted URLs or install steps that write arbitrary binaries to disk.
Credentials
The README/Privacy section claims OAuth only accesses public profile, but get-credential.js prints the entire credential JSON returned by the Convex backend and poll-credential.sh echoes it to stdout. That output may include tokens or other sensitive fields beyond username/display name. The skill does not request or declare environment secrets but it does accept env overrides (CONVEX_URL, CLAWUSECASE_API_URL). Printing/storing full credentials is disproportionate to the stated need (only public profile is required).
Persistence & Privilege
Skill is not always-enabled, doesn't request elevated system privileges, and doesn't modify other skills' configs. Autonomous invocation is allowed (platform default) but not combined with always:true.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install share-usecase
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /share-usecase 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
share-usecase 1.0.1 - Clarified and strengthened polling requirements for OAuth attribution: Now explicitly requires synchronous, real-time monitoring and immediate notification to users upon successful connection. - Provided detailed implementation guidance to prevent background polling; emphasized that polling results must be checked directly and responded to instantly. - Added more precise bash code samples for credential polling and real-time user feedback. - Highlighted critical implementation notes to eliminate delays in user notifications for OAuth connections.
v1.0.0
share_usecase 2.0.0 introduces a fully guided assistant to help users share their OpenClaw use cases on clawusecase.com with new attribution and review features. - Analyzes recent user activity to draft a structured use case submission. - Provides users with a preview and allows editing before submission. - Supports both anonymous and credited submissions; OAuth integration for attribution with real-time connection detection and feedback. - Normalizes technology/tool names for consistency. - Handles API responses, validation, rate limits, and error feedback robustly. - Improves user experience with clear instructions and tips for quality use case submissions.
元数据
Slug share-usecase
版本 1.0.1
许可证
累计安装 1
当前安装数 1
历史版本数 2
常见问题

Share use case 是什么?

Share your OpenClaw use case to clawusecase.com. Analyzes your recent work and creates a submission for the community. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1820 次。

如何安装 Share use case?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install share-usecase」即可一键安装,无需额外配置。

Share use case 是免费的吗?

是的,Share use case 完全免费(开源免费),可自由下载、安装和使用。

Share use case 支持哪些平台?

Share use case 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Share use case?

由 josephl37(@josephl37)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论