← 返回 Skills 市场
404
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install shuyan-data-classification
功能描述
数安云智数据分类分级同步接口 - 用于批量处理字段信息的分类分级。支持敏感数据识别、数据分类、数据分级等功能。使用前需配置API地址和认证密钥。
安全使用建议
This skill appears to be a straightforward client for a local/remote data-classification API, but check a few practical things before installing:
- Confirm the API_URL you intend to use (the defaults and the skill homepage point to localhost; ensure you set SHUYAN_API_URL to the correct service and not a public endpoint you don't control).
- Protect the API key: avoid storing long-lived keys in plain text if possible; if you store the key in ~/.openclaw/openclaw.json be aware that this is local plaintext configuration. Prefer environment variables or short-lived credentials.
- Verify the data you will send — sampleList and other fields can contain personal data; ensure you comply with your data-handling policies before sending real PII to the configured endpoint.
- The Python script requires the 'requests' package and contains a bug: the health command references 'ShucanClassifier' (typo) and will fail; if you plan to use the Python CLI, either patch that line to use ShuyanClassifier or rely on the shell script.
- Consider scoping the API key (least privilege) and rotating it regularly.
If you want, I can produce a patched version of the Python script fixing the health-check typo and add a small README note to declare SHUYAN_API_URL as a required env var.
功能分析
Type: OpenClaw Skill
Name: shuyan-data-classification
Version: 1.0.1
The skill bundle is classified as suspicious due to a JSON injection vulnerability in the `shuyan-classify.sh` script. User-provided arguments (`$colNameCh`, `$colNameComment`, etc.) are directly embedded into a JSON string without proper escaping, allowing an attacker to inject arbitrary JSON key-value pairs or malform the request sent to the local API. While the Python script (`shuyan_classify.py`) correctly handles JSON serialization, and the default API endpoint is `http://localhost:8080` (local), this vulnerability in the shell script could lead to unintended data manipulation or errors on the target API.
能力评估
Purpose & Capability
Name/description, declared primary credential (SHUYAN_API_KEY), required binary (curl), and the included scripts all align with a client that sends batch field metadata to a classification API. The homepage pointing at localhost looks like a placeholder rather than an external service but is explainable given the default API_URL value.
Instruction Scope
SKILL.md and the scripts instruct only to POST JSON to the stated endpoint and to perform health checks; they do not request unrelated files, credentials, or network destinations. The SKILL.md suggests storing the API key in environment variables or in ~/.openclaw/openclaw.json (which is a normal configuration choice but has privacy implications).
Install Mechanism
There is no install spec (instruction-only), which minimizes install-time risk. However, the Python script expects the third-party 'requests' package but does not provide an automated install step; users will need to pip install requests. No remote downloads or archives are used.
Credentials
The skill declares SHUYAN_API_KEY as the primary credential which is appropriate. The code and SKILL.md also rely on SHUYAN_API_URL, but SHUYAN_API_URL is not listed in the registry 'required env vars' metadata (minor inconsistency). Both scripts include a default value ('sk-secret-key' and 'http://localhost:8080'), which is likely a placeholder; the hardcoded default key is not a secret but may mask misconfiguration.
Persistence & Privilege
The skill does not request 'always: true', does not modify other skills, and has no installation step that persists privileged system changes. It is user-invocable and can be invoked autonomously per platform defaults, which is expected for a skill of this type.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install shuyan-data-classification - 安装完成后,直接呼叫该 Skill 的名称或使用
/shuyan-data-classification触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- 新增 shuyan-classify.sh 脚本,提供命令行自动化调用接口的能力
- 新增 shuyan_classify.py 脚本,支持通过 Python 进行分类分级结果处理
- 实现多语言调用接口的便捷入口,提升易用性与灵活性
v1.0.0
- Initial release of shuyan-data-classification skill.
- Provides a batch API for field-level data classification and sensitivity grading, supporting sensitive data detection, data classification, and grading.
- Requires API endpoint and authentication key configuration; supports environment variables and OpenClaw integration.
- Includes usage scenarios, request/response structure, error handling, sensitivity level descriptions, and practical cURL examples.
- Suitable for batch data field processing in various business systems.
元数据
常见问题
数安云智数据分类分级 是什么?
数安云智数据分类分级同步接口 - 用于批量处理字段信息的分类分级。支持敏感数据识别、数据分类、数据分级等功能。使用前需配置API地址和认证密钥。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 404 次。
如何安装 数安云智数据分类分级?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install shuyan-data-classification」即可一键安装,无需额外配置。
数安云智数据分类分级 是免费的吗?
是的,数安云智数据分类分级 完全免费(开源免费),可自由下载、安装和使用。
数安云智数据分类分级 支持哪些平台?
数安云智数据分类分级 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 数安云智数据分类分级?
由 PILAO(@jianmo1997)开发并维护,当前版本 v1.0.1。
推荐 Skills