Total downloads: 275
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw: /install skill-shop
Description
Skill Shop Client: query online skills and download and install skill packages in one step.
Safe-usage recommendations
This package does what it claims (query a local skill store and install skill archives), but it contains risky behaviors you should consider before installing or running it:
- Unsafe archive extraction: zipfile.extractall and tarfile.extractall are used without any path sanitization; specially crafted archives can overwrite files anywhere the process can write. Treat downloads as untrusted data.
- Hardcoded install path: it writes to /root/.openclaw/workspace/skills/, which assumes root and a specific layout. Run as a non-privileged user and change SKILLS_DIR to a safer location.
- No integrity checks: downloaded packages are not validated (no signatures or checksums). An attacker controlling the shop endpoint can supply malicious packages.
- External commands: RAR extraction invokes the system 'unrar' binary; that executes external code and may have its own risks.
Recommendations before use:
- Only point SHOP_BASE_URL to a shop you control and trust (default is localhost). Verify the server endpoint and run it in a secure environment.
- Don't run this as root. Change SKILLS_DIR to a dedicated non-root directory you control.
- Add or require package signatures/checksums and validate them before extraction.
- Replace extractall with safe extraction that prevents path traversal, or validate archive entries before writing.
- Audit any skill packages you install before executing them.
Given these issues, treat the skill as suspicious until the extraction and path/config practices are fixed or until you can audit the shop and packages it will download.
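The recommendation above (validate archive entries before writing, instead of calling extractall on untrusted input) in working form. This is an added example, not code from the skill-shop package: the destination directory is passed in by the caller (the package's SKILLS_DIR would be that argument), and the two sample archives, one benign and one carrying a traversal entry, are constructed in memory for the demonstration.

```python
"""Safe archive extraction: refuse any member that would land outside the destination.

Added example; not the skill-shop project's code. The caller chooses `dest`
(a non-root skills directory is assumed); sample archives are constructed below.
"""
import io
import os
import tarfile
import tempfile
import zipfile
from typing import Optional


class UnsafeArchiveEntry(ValueError):
    """Raised when an archive member would write outside the destination directory."""


def _checked_target(dest: str, name: str) -> str:
    """Return the absolute path `name` resolves to under `dest`, or raise if it escapes."""
    dest_real = os.path.realpath(dest)
    # Absolute names (and Windows drive letters) never belong in a skill package.
    if os.path.isabs(name) or os.path.splitdrive(name)[0]:
        raise UnsafeArchiveEntry(f"absolute path in archive: {name!r}")
    target = os.path.realpath(os.path.join(dest_real, name))
    # realpath collapses '..' segments; the result must still sit under dest.
    if os.path.commonpath([dest_real, target]) != dest_real:
        raise UnsafeArchiveEntry(f"path traversal in archive: {name!r}")
    return target


def safe_extract_zip(zip_bytes: bytes, dest: str) -> list:
    """Validate the whole listing first, then extract; returns the member names written."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = zf.infolist()
        for info in members:
            _checked_target(dest, info.filename)
        # Nothing touches the filesystem until every entry has passed.
        for info in members:
            zf.extract(info, dest)
        return [info.filename for info in members]


def safe_extract_tar(tar_bytes: bytes, dest: str) -> list:
    """Same policy for tar, plus a refusal of links and special files."""
    # Python 3.12+ offers tarfile's built-in 'data' filter; use it where present.
    extract_kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        members = tf.getmembers()
        for m in members:
            _checked_target(dest, m.name)
            # A link pointing outside dest would let a later member write through it.
            if m.issym() or m.islnk():
                raise UnsafeArchiveEntry(f"link in archive: {m.name!r}")
            if not (m.isfile() or m.isdir()):
                raise UnsafeArchiveEntry(f"unsupported member type: {m.name!r}")
        for m in members:
            tf.extract(m, dest, **extract_kwargs)
        return [m.name for m in members]


def build_zip(entries: dict) -> bytes:
    """Constructed helper: in-memory zip from {name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_tar(entries: dict) -> bytes:
    """Constructed helper: in-memory uncompressed tar from {name: content}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def demo(dest: Optional[str] = None) -> dict:
    """Extract a benign package, then a package with a traversal entry; report what happened."""
    dest = dest or tempfile.mkdtemp(prefix="skills-")
    benign = build_zip({"demo-skill/SKILL.md": b"# demo\n", "demo-skill/main.py": b"print('hi')\n"})
    hostile = build_tar({"demo-skill/ok.txt": b"fine\n", "../../escaped.txt": b"owned\n"})
    outcome = {"benign": safe_extract_zip(benign, dest)}
    try:
        safe_extract_tar(hostile, dest)
        outcome["hostile"] = "extracted"
    except UnsafeArchiveEntry as exc:
        outcome["hostile"] = f"rejected: {exc}"
    on_disk = []
    for root, _dirs, files in os.walk(dest):
        for f in files:
            on_disk.append(os.path.relpath(os.path.join(root, f), dest))
    # The hostile archive's harmless first member is absent too: validation precedes writing.
    outcome["files_on_disk"] = sorted(on_disk)
    return outcome


if __name__ == "__main__":
    print(demo())
```

Two design points. The listing is validated in full before a single member is written, so a package is accepted or rejected as a whole rather than half-installed. Rejecting instead of rewriting also matters: CPython's zipfile already strips ".." components on extract, so a traversal entry is silently relocated rather than flagged; an explicit check turns that into a hard failure you can log, and it covers tarfile on interpreters older than 3.12, which extract such entries as named.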
Functional analysis
Type: OpenClaw Skill
Name: skill-shop
Version: 1.0.1
The skill bundle functions as a 'Skill Shop' client that downloads, extracts, and installs executable code from a local server (127.0.0.1:8080) into a sensitive system directory (/root/.openclaw/workspace/skills/). It is highly vulnerable to path traversal attacks (ZipSlip) because main.py lacks sanitization when extracting ZIP/TAR archives, and it automatically grants execution permissions (chmod 755) to downloaded scripts without any signature verification or integrity checks. While these represent critical security flaws that could lead to arbitrary code execution, there is no clear evidence of intentional malice or data exfiltration.
Capability assessment
Purpose & Capability
The code implements the advertised functionality (list/search/install skills from a shop). Dependencies (requests, python) match the purpose. However, the install target is hardcoded to /root/.openclaw/workspace/skills/, which is surprising (it assumes root and a specific filesystem layout) and should be configurable rather than baked into the script.
Instruction Scope
The script downloads arbitrary skill packages from SHOP_BASE_URL and extracts them to disk. Extraction uses zipfile.extractall and tarfile.extractall without path sanitization, which is vulnerable to zip-slip / tar path-traversal and can overwrite arbitrary files. It may also invoke system 'unrar'. The SKILL.md does not warn about these risks, nor does the code validate signatures/checksums or restrict allowed paths.
Install Mechanism
There is no separate installer (instruction-only plus an included main.py). No external install URLs are used; downloads are performed at runtime from SHOP_BASE_URL (default localhost). The lack of an install spec is low risk on its own, but runtime downloads/extraction introduce higher risk as noted above.
Credentials
The skill requests no credentials or env vars, which aligns with its stated purpose. However, it requires write access to a hardcoded root-owned path and uses /tmp for extraction; this implicit requirement (root write access) is not declared in the metadata and is disproportionate for a general client tool.
Persistence & Privilege
The always flag is false, and the skill does not modify other skills' configuration. Installing downloaded skill packages into the skills directory is expected behavior for a store client. The capability to drop arbitrary files into the skills directory increases the blast radius but is consistent with the stated function.
How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Type the install command in the chat box: /install skill-shop
- After installation, call the skill by name directly or use /skill-shop to trigger it
- Provide the inputs required by the skill's parameter description to receive structured output
Version history
v1.0.1
Fixed a release issue
v1.0.0
Initial release
FAQ
What is Skill Shop Client?
Skill Shop Client lets you query online skills and download and install skill packages in one step. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 275 downloads to date.
How do I install Skill Shop Client?
Run the command /install skill-shop in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.
Is Skill Shop Client free?
Yes, Skill Shop Client is completely free, licensed under MIT-0, and can be freely downloaded, installed and used.
Which platforms does Skill Shop Client support?
Skill Shop Client is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Skill Shop Client?
Developed and maintained by 呱仔 (@pig-gua); current version v1.0.1.