← 返回 Skills 市场
joshuaohanlon

Openclaw Skill

作者 JoshuaOHanlon · GitHub ↗ · v1.0.3
macoslinux ✓ 安全检测通过
595
总下载
2
收藏
1
当前安装
4
版本数
在 OpenClaw 中安装
/install shelv
功能描述
Convert PDFs into structured Markdown filesystems and hydrate them into your workspace for exploration with standard Unix tools
安全使用建议
This skill appears coherent and implements the documented workflow. If you plan to install: 1) only provide a SHELV_API_KEY you trust (it grants access to your Shelv account), 2) be aware hydrated files are written under ~/.openclaw/workspace/shelves/<name> (the --force flag will remove an existing directory), and 3) the archive is downloaded from a presigned URL supplied by the service — ensure you trust the shelv.dev service and its API keys before use. If you need higher assurance, review the scripts locally before running them and confirm the API host (https://api.shelv.dev) is the intended endpoint.
功能分析
Type: OpenClaw Skill Name: shelv Version: 1.0.3 The OpenClaw AgentSkills skill bundle for Shelv is classified as benign. While it performs inherently high-risk operations such as uploading user-provided files, making network calls to an external API (`https://api.shelv.dev`), and downloading/extracting archives into the workspace, it implements robust security measures. Specifically, `scripts/shelv-hydrate.sh` includes critical checks to prevent path traversal and symlink attacks within downloaded tar archives, sanitizes user-provided directory names, and verifies archive integrity using SHA256 checksums. There is no evidence of intentional malicious behavior, data exfiltration beyond the stated purpose, persistence mechanisms, obfuscation, or prompt injection attempts against the agent in any of the provided files.
能力评估
Purpose & Capability
Name/description describe uploading PDFs, polling processing, and hydrating a filesystem; the skill only requires an API key for shelv.dev and POSIX tools (curl, tar, jq, shasum). These requirements are appropriate and expected for the described functionality.
Instruction Scope
SKILL.md and included scripts only call the Shelv API, download the archive returned by the service, verify its sha256 checksum, check for path traversal and symlinks, and extract files into ~/.openclaw/workspace/shelves. The scripts do not attempt to read unrelated local files, exfiltrate environment data, or contact unexpected endpoints beyond the API/presigned-URL flow described.
Install Mechanism
No install spec is provided (instruction-only with shipped helper scripts). The scripts are plain shell, no third-party download/install step is executed at runtime by the skill. This is the lower-risk pattern for a skill that relies on system utilities.
Credentials
Only SHELV_API_KEY is required and it is the primary credential used to authenticate to the documented API. This is proportionate. Minor note: the declared required binaries list includes shasum (and the scripts accept sha256sum too), so the declared binaries and the scripts' runtime checks are consistent enough but slightly imprecise about accepting either sha256sum or shasum.
Persistence & Privilege
always:false (default), and the skill does not request persistent system-wide privileges or modify other skills' configuration. It writes files only under ~/.openclaw/workspace/shelves/ and verifies the target path to prevent path traversal; --force can delete a shelf directory, which is explicit and expected behavior.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install shelv
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /shelv 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
Remove accidentally included test script
v1.0.2
Address security scan findings: declare shasum in metadata bins, replace config-file credential guidance with env var, add --force flag for non-destructive default, reject symlinks in archives
v1.0.1
Security hardening: sanitize --name flag, mandatory SHA256 checksum, tar path traversal inspection, workspace containment guard
v1.0.0
Initial release
元数据
Slug shelv
版本 1.0.3
许可证
累计安装 1
当前安装数 1
历史版本数 4
常见问题

Openclaw Skill 是什么?

Convert PDFs into structured Markdown filesystems and hydrate them into your workspace for exploration with standard Unix tools. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 595 次。

如何安装 Openclaw Skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install shelv」即可一键安装,无需额外配置。

Openclaw Skill 是免费的吗?

是的,Openclaw Skill 完全免费(开源免费),可自由下载、安装和使用。

Openclaw Skill 支持哪些平台?

Openclaw Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(macos, linux)。

谁开发了 Openclaw Skill?

由 JoshuaOHanlon(@joshuaohanlon)开发并维护,当前版本 v1.0.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论