← 返回 Skills 市场
weidongkl

Skill Publish Vetter

作者 wei dong · GitHub ↗ · v1.1.0 · MIT-0
cross-platform ✓ 安全检测通过
58
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-publish-vetter
功能描述
Pre-publish privacy scan for ClawHub skills. Detects tokens, keys, credentials, .env secrets, personal info, and internal IPs before publishing.
安全使用建议
This tool appears to do exactly what it says: it scans a target skill directory for tokens, passwords, private keys, .env values, personal emails/paths, and internal IPs. Before running or using this skill: 1) Confirm the exact target directory you want scanned — the script will read every matched file and can reveal secrets. 2) Be aware SKILL.md requires outputting the full report to chat, which will include detected secret lines (truncated but potentially sensitive); do not run it in a channel or conversation that is public or archived if you do not want those secrets recorded. 3) If you prefer, run bash scripts/publish-check.sh locally in a terminal yourself and inspect the results before copying any parts into chat. 4) Review the actual repository copy of scripts/publish-check.sh (the provided excerpt was truncated in the listing) to ensure no later-added behavior (network calls, uploads, or obfuscation) exists. If you want to proceed, ask the user to explicitly confirm the target path and confirm they understand that the report may contain sensitive data.
功能分析
Type: OpenClaw Skill Name: skill-publish-vetter Version: 1.1.0 The skill is a defensive utility designed to prevent the accidental publication of secrets (API keys, tokens, passwords) to ClawHub. It implements a mandatory multi-step workflow in SKILL.md that requires a privacy scan and explicit user confirmation before executing the 'clawhub publish' command. The scanning logic in scripts/publish-check.sh uses local grep patterns to identify sensitive data and does not contain any network exfiltration or obfuscated code.
能力标签
cryptorequires-walletrequires-oauth-tokenrequires-sensitive-credentials
能力评估
Purpose & Capability
The name/description state a pre-publish privacy scan and the bundle includes a shell scanning script (scripts/publish-check.sh) plus SKILL.md instructions that call that script. There are no unrelated environment variables, binaries, or install steps requested.
Instruction Scope
SKILL.md mandates running the included script against the target skill directory and printing the full scan report to chat ("do not summarize or omit anything"). That is coherent with vetting, but it explicitly instructs the agent to output detected sensitive lines (partially truncated by the script). This means secrets discovered by the scan will be echoed into the conversation/chat logs — expected for a vetter but a privacy risk the user should be aware of.
Install Mechanism
No install spec; this is instruction-only with an included shell script. The script uses only local POSIX tools (grep/sed/find) and writes to a temporary file. No downloaded code or external package installs.
Credentials
The skill requests no environment variables or credentials. The scanner operates on file contents only and does not attempt to read config paths or other skills' secrets.
Persistence & Privilege
always is false, autonomous invocation defaults are unchanged, and the skill does not modify system state or other skills' configs. It writes only a temporary results file and prints a report.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install skill-publish-vetter
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /skill-publish-vetter 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Pre-publish privacy scan for ClawHub skills - detect tokens, keys, credentials, personal info before publishing
元数据
Slug skill-publish-vetter
版本 1.1.0
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Skill Publish Vetter 是什么?

Pre-publish privacy scan for ClawHub skills. Detects tokens, keys, credentials, .env secrets, personal info, and internal IPs before publishing. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 58 次。

如何安装 Skill Publish Vetter?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-publish-vetter」即可一键安装,无需额外配置。

Skill Publish Vetter 是免费的吗?

是的,Skill Publish Vetter 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Skill Publish Vetter 支持哪些平台?

Skill Publish Vetter 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Skill Publish Vetter?

由 wei dong(@weidongkl)开发并维护,当前版本 v1.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论