← 返回 Skills 市场
112
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install shrimp
功能描述
Task manager for AI agents. Works instantly — no account, no phone needed. 19 tools for nested task trees, batch ops, local storage, optional phone sync.
安全使用建议
This skill is plausible but exercise caution before installing. Key concerns: (1) it uses npx to download and run an npm package at install time — inspect the package before executing; (2) SKILL.md mentions an anonymous daily ping and paired-mode inbox access, but gives no endpoints or data details; (3) the registry shows version 1.0.7 while the SKILL.md references 1.0.6, which is a provenance mismatch.
Recommended steps before installing:
- Verify the package on npm and its maintainers (npm page for @hermitsh/shrimp-mcp). Check the package's source repo and recent release notes.
- Inspect the package contents (npm pack / tars) or view source on the repo to confirm what network calls and filesystem writes it performs (search for network endpoints, telemetry, or code that accesses mail/providers).
- Confirm what 'paired mode' accesses and what data shrimp_feedback submits; ask the maintainer for exact endpoints and data schemas.
- Run the adapter in an isolated environment or sandbox (or a disposable VM) first, and back up ~/.shrimp/tasks.json if you try local mode.
- Resolve the version mismatch (1.0.6 vs 1.0.7) and prefer installing a package with a verifiable source (GitHub release or official project domain) rather than blindly running npx from an unknown account.
If you cannot verify the package source and telemetry behavior, treat this skill as higher-risk and avoid installing it on machines with sensitive data.
功能分析
Type: OpenClaw Skill
Name: shrimp
Version: 1.0.7
The 'shrimp' skill is a task management tool for AI agents that operates locally by default and uses standard MCP (Model Context Protocol) patterns. The documentation in SKILL.md and _meta.json describes a transparent set of tools for task manipulation, batch operations, and optional synchronization with an iOS app, with no evidence of malicious instructions, data exfiltration, or obfuscated code.
能力评估
Purpose & Capability
The skill claims a local-first task manager and the only declared runtime requirement is npx, which is consistent with installing an npm-based MCP adapter. However several tool names (shrimp_inbox, shrimp_get_provider / shrimp_update_provider, shrimp_pipeline) imply access to external data (email, device activity, AI provider settings) that is not explained in the metadata (no required env vars or config paths). That could be legitimate via the paired iOS app, but the relationship is not described clearly.
Instruction Scope
SKILL.md instructs the agent/user to run npx @hermitsh/[email protected] and later npx ... pair. Running npx will download and execute code from the npm registry at runtime. The doc also says there's an 'anonymous daily ping' and a paired mode that can surface incoming email/shares; endpoints and exact data sent/read are not documented. The instructions don't ask the agent to read unrelated local files, but they do create/expect ~/.shrimp/tasks.json and perform network activity whose scope is not fully described.
Install Mechanism
There is no install spec in the registry entry; instead the SKILL.md relies on npx to fetch and execute @hermitsh/[email protected] from npm. npx-based installs execute remote package code at runtime (moderate risk). Also registry metadata lists version 1.0.7 while SKILL.md references 1.0.6 — a provenance/version mismatch that should be resolved before trusting the package.
Credentials
The skill declares no required environment variables or credentials, matching the 'no API key' claim. That is proportionate for local-only usage. However paired features claim access to inbox and provider settings — if those require additional credentials or escalate access, the SKILL.md does not declare or explain that. The anonymous daily ping is an explicit data transmission; its content and destination are not detailed.
Persistence & Privilege
The skill does not request always: true and does not declare system-wide config changes. It will store tasks locally at ~/.shrimp/tasks.json (expected for a task manager). Note: because the MCP adapter is fetched/executed via npx, the agent (when allowed) could autonomously invoke the installed adapter and cause network activity; this is normal but increases the impact of the other concerns above.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install shrimp - 安装完成后,直接呼叫该 Skill 的名称或使用
/shrimp触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.7
Pin npm version in install commands, add privacy disclosure
v1.0.6
Phone-free local mode, nested task trees, batch ops
v1.0.3
License correction — proprietary
v1.0.2
Initial release
元数据
常见问题
SHrimp Tasks 是什么?
Task manager for AI agents. Works instantly — no account, no phone needed. 19 tools for nested task trees, batch ops, local storage, optional phone sync. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 112 次。
如何安装 SHrimp Tasks?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install shrimp」即可一键安装,无需额外配置。
SHrimp Tasks 是免费的吗?
是的,SHrimp Tasks 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
SHrimp Tasks 支持哪些平台?
SHrimp Tasks 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 SHrimp Tasks?
由 banonanon(@banonanon)开发并维护,当前版本 v1.0.7。
推荐 Skills