← 返回 Skills 市场
338
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install skillsindex-mcp
功能描述
Search, score, and submit 11,000+ AI agent tools from SkillsIndex, filtered by ecosystem, category, and rated on security, utility, and maintenance.
安全使用建议
This skill appears to do what it says (search and submit to SkillsIndex), but it runs an npm package via `npx`, which will fetch and execute code from the npm registry at runtime. Because that code could potentially access files or environment variables, do not assume the 'no local file access' claim is guaranteed unless you verify the package. Before installing or invoking: 1) review the npm package page and the linked GitHub repository (confirm package version and that published code matches the repo), 2) consider pinning to a specific package version instead of running the latest, 3) run the package in a sandboxed environment the first time, 4) avoid submitting any secrets or sensitive data through submit_tool/subscribe endpoints, and 5) if you need a higher assurance, vendor the package (audit the code) or request the skill bundle include the compiled code so it can be statically reviewed. If you want higher assurance, provide the skill's npm package version and the GitHub commit/tarball hashes so an integrity check can be performed.
功能分析
Type: OpenClaw Skill
Name: skillsindex-mcp
Version: 1.0.1
The skill is transparent about its operations, explicitly stating that it uses `npx skillsindex-mcp` to run, which involves downloading a package from `npmjs.com` and making network calls to `skillsindex.dev`. The `SKILL.md` documentation clearly outlines all network endpoints, claims no local file access or data exfiltration, and provides links to open-source code. There is no evidence of prompt injection attempts against the AI agent, hidden malicious commands, or unauthorized data access/exfiltration. The use of `npx` is a standard method for running Node.js-based skills and is openly declared, not hidden or used for malicious purposes, aligning with the stated functionality.
能力评估
Purpose & Capability
Name/description match the requested capabilities: the skill queries the public SkillsIndex API and posts submissions/subscriptions to public endpoints. It declares no credentials, no config paths, and uses npx to run an npm package, which is consistent with a client that talks to a public REST API.
Instruction Scope
SKILL.md instructions are narrowly scoped to search, inspect, and submit data to skillsindex.dev and to run an MCP via `npx skillsindex-mcp`. The doc explicitly claims 'no local file access' and 'no env vars read' — but because runtime execution happens via npx (remote package code), that claim cannot be enforced by the instruction alone: code fetched and executed by npx could read files or env vars unless the package is audited. The instructions themselves do not request additional system data, but the execution model introduces risk.
Install Mechanism
This is an instruction-only skill that instructs the agent to run `npx skillsindex-mcp`. Using npx means the package will be fetched from the npm registry and executed on demand. npm is a well-known host (moderate risk), but the skill does not vendor or include the package source in the bundle being installed here. The SKILL.md points to a GitHub repo and claims the source matches the compiled output, but the package execution still runs remote code which could be changed or the npm package could be hijacked — consider pinning a specific version or auditing the package before allowing execution.
Credentials
The skill requests no environment variables or credentials, and its declared network endpoints (skillsindex.dev and npmjs.com) align with its function. The only notable data flows are POSTs to the public SkillsIndex endpoints for submit/subscribe, which are expected but mean any data you submit will be sent to an external public API — do not include secrets in submissions.
Persistence & Privilege
always is false and the skill does not request persistent elevated privileges or modifications to other skills. It instructs adding an entry to a local config to wire up an MCP server, which is normal for this functionality.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skillsindex-mcp - 安装完成后,直接呼叫该 Skill 的名称或使用
/skillsindex-mcp触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Added a detailed security & transparency section clarifying network use, endpoints, and data handling practices.
- Expanded API documentation, specifying exact endpoint URLs, methods, and tool parameter examples.
- Explained local execution model via npx, emphasizing no persistent installation or local file/system data access.
- Linked directly to auditable TypeScript source code and clarified open source status.
- Clarified data sources, scoring methodology, and types of information retrieved from SkillsIndex.
- Overall, the documentation now provides stronger assurances around privacy, security, and how the skill interacts with external services.
v1.0.0
- Initial release of SkillsIndex MCP skill.
- Search, score, and submit AI agent tools from the SkillsIndex directory (11,000+ tools).
- New tools: search by keyword/ecosystem/category, get detailed scores/info, top-rated listings, security audits, and submit tools for scoring.
- Support for newsletter subscription.
- Designed for integration with MCP servers and AI agent platforms.
元数据
常见问题
Skills Indec MCP 是什么?
Search, score, and submit 11,000+ AI agent tools from SkillsIndex, filtered by ecosystem, category, and rated on security, utility, and maintenance. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 338 次。
如何安装 Skills Indec MCP?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skillsindex-mcp」即可一键安装,无需额外配置。
Skills Indec MCP 是免费的吗?
是的,Skills Indec MCP 完全免费(开源免费),可自由下载、安装和使用。
Skills Indec MCP 支持哪些平台?
Skills Indec MCP 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Skills Indec MCP?
由 samoth(@thomasblc)开发并维护,当前版本 v1.0.1。
推荐 Skills