Skill Preflight Checker
Author: cp3d1455926-svg · GitHub · v1.0.0 · MIT-0
Total downloads: 81
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install skill-preflight-checker
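Description
Skill preflight checker. Runs security checks before any skill is installed: verifies author reputation, checks for malicious scripts, and analyzes permission requirements, to prevent the installation of malicious skills.
Safe usage recommendations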
This skill appears to be what it claims (a preflight checker) but there are some important cautions: (1) The metadata does not list required tools — the instructions expect npm, docker, jq, grep, tar, etc.; verify those are available and intended. (2) Follow the container test steps carefully: avoid mounting sensitive host folders into the container (do not mount your home or .ssh), run the container with network disabled if you only want static checks, and don’t run as root. Prefer npm pack + static analysis and offline scanning rather than running npm install on untrusted packages. (3) Ask the author to update the skill metadata to declare required binaries and to add safer, explicit container options (e.g., --network=none, no host mounts, use ephemeral temp directories). If you cannot verify or enforce those safeguards, run preflight checks in a fully isolated VM/sandbox rather than on your primary host.
Functional analysis
Type: OpenClaw Skill
Name: skill-preflight-checker
Version: 1.0.0
The skill is a security auditing tool designed to inspect other packages for malicious behavior before installation. It uses standard utilities like `npm`, `grep`, and `docker` to check author reputation, scan for dangerous functions (e.g., `eval`, `exec`), and identify access to sensitive files (e.g., `.ssh`, `.env`) within target packages. The logic in `SKILL.md` and the provided `preflight_check.sh` script is consistent with its defensive purpose and lacks evidence of malicious intent, obfuscation, or data exfiltration.
Capability assessment
Purpose & Capability
The SKILL.md describes exactly the activities one would expect for a preflight checker (author reputation checks, scanning package scripts, searching for risky patterns, and running containerized tests). However the registry metadata declares no required binaries or tools even though the instructions require npm, docker, jq, grep, tar, and similar tools; and some claims (e.g., 'check author on ClawHub') lack concrete commands. This is a coherence gap between claimed capabilities and declared requirements.
Instruction Scope
Runtime instructions direct the agent to run npm view, grep/search package contents, npm pack/tar extraction, and to run docker containers that mount the current working directory (docker run -v $(pwd):/app node:alpine npm install package-name). Mounting host directories and running npm install (even inside a container) can expose host files and execute package install scripts. The instructions also suggest scanning for ~/.ssh and .env patterns — they do not explicitly restrict access to only package files. These steps are reasonable for a preflight tool but carry non-trivial risk and should be run with stricter isolation and explicit safeguards.
Install Mechanism
This is instruction-only with no install spec and no code files to execute from the skill itself. That minimizes the skill's own installation footprint.
Credentials
The skill requests no environment variables or credentials (appropriate for a checker). However the instructions search for references to sensitive paths (e.g., ~/.ssh, .env) and recommend mounting host directories into containers; that could lead to accidental access to sensitive host data if the operator follows the instructions naively. Declaring required tools (npm, docker, jq, grep, tar) in metadata would also make expectations clearer.
Persistence & Privilege
always:false and no install-time persistence or modifications to other skills are requested. The skill does not request elevated persistent privileges.
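How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install skill-preflight-checker
- Once installation completes, call the Skill by name or use /skill-preflight-checker to trigger it
- Provide the required input according to the Skill's parameter description to get structured output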
Version history
v1.0.0
Initial release: skill-preflight-checker 1.0.0
- Provides automated preflight security checks before skill installation.
- Checks author reputation, scans for malicious scripts and commands, analyzes permission needs, and tests in a containerized environment.
- Generates detailed safety reports, flags risks, and offers install recommendations (safe/cautious/reject).
- Includes scripts and reference templates for automated scanning and checklist use.
- Designed to help prevent malicious or high-risk skills from being installed.
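FAQ
What is Skill Preflight Checker?
Skill preflight checker. Runs security checks before any skill is installed: verifies author reputation, checks for malicious scripts, and analyzes permission requirements, to prevent the installation of malicious skills. It is an AI Agent Skill plugin for Claude Code / OpenClaw and has been downloaded 81 times in total so far.
How do I install Skill Preflight Checker?
Run the command "/install skill-preflight-checker" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Skill Preflight Checker free?
Yes. Skill Preflight Checker is completely free, is released under the MIT-0 license, and can be freely downloaded, installed, and used.
Which platforms does Skill Preflight Checker support?
Skill Preflight Checker is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Skill Preflight Checker?
It is developed and maintained by cp3d1455926-svg (@cp3d1455926-svg); the current version is v1.0.0.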