slopcheck
Author: Matthew Schaller · GitHub · v0.1.2 · MIT-0
Total downloads: 324
Favorites: 1
Current installs: 0
Versions: 2
Install in OpenClaw
/install slopcheck
Description
Validate npm package references in markdown, YAML, and config files against the live npm registry before installing or using them. Catches hallucinated and s...
Safe-use recommendations
This skill is essentially a README for a CLI that checks whether package names referenced in docs exist on npm; it's internally consistent and doesn't ask for secrets. Two practical cautions: (1) the SKILL.md demonstrates running `npx slopcheck` — running `npx` will fetch and execute code from the npm registry, so only run it if you trust or have inspected that package (prefer installing a vetted local copy or reviewing the GitHub source linked in the doc). (2) slopcheck intentionally does not scan package.json or lockfiles, so do not rely on it as your only supply-chain check. If you want fully automated enforcement inside agents, ask for a bundled implementation or explicit install instructions so you can audit the code before execution.
Functional analysis
Type: OpenClaw Skill
Name: slopcheck
Version: 0.1.2
The slopcheck skill is a defensive utility designed to validate npm package names against the official registry to prevent the installation of hallucinated or 'slopsquatted' packages. The SKILL.md provides clear, legitimate instructions for scanning local files and does not contain any indicators of data exfiltration, prompt injection, or malicious intent.
Capability assessment
Purpose & Capability
The name, description, and runtime instructions consistently describe scanning markdown/YAML/JSON/.cursorrules files for npm install/npx/pnpm/yarn/bun commands and checking package existence against the npm registry. Nothing requested (no env vars, no config paths) is unrelated to that purpose.
Instruction Scope
SKILL.md keeps scope narrowly to extracting package names from listed file types and querying the npm registry. It explicitly excludes package.json/lock files and lists directories to skip. The instructions do not ask the agent to read unrelated credentials or system state.
Install Mechanism
This is instruction-only (no install spec, no code). The doc repeatedly shows usage via `npx slopcheck` which would download and execute a package from npm at runtime — a real-world risk if you run it locally, but that is a user execution concern rather than hidden behavior of the skill bundle itself. The lack of a bundled implementation is a minor inconsistency (README for a tool with no shipped code here).
Credentials
No environment variables, credentials, or config paths are requested. That is proportionate for a read-only registry-checking tool that runs against local files and the public npm registry.
Persistence & Privilege
`always` is false and autonomous invocation is allowed (the platform default). The skill does not request persistent presence, nor does it claim to modify other skills or system config.
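How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install slopcheck
- Once installation completes, call the Skill by name or use /slopcheck to trigger it
- Provide the required input according to the Skill's parameter description to get structured output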
Version history
v0.1.2
- Bumped version to 0.1.2.
- Added license information (MIT) to metadata in SKILL.md.
v0.1.1
- Improved documentation and usage examples for package validation against the npm registry.
- Clarified output interpretation and exit codes for better usability.
- Added detailed explanations of slopsquatting and phantom packages.
- Expanded list of scanned file types and directories excluded from scans.
- Documented all command-line options and JSON output structure.
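FAQ
What is slopcheck?
Validate npm package references in markdown, YAML, and config files against the live npm registry before installing or using them. Catches hallucinated and s... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 324 total downloads to date.
How do I install slopcheck?
Run the command "/install slopcheck" in the OpenClaw or Claude Code chat box for one-step installation; no additional configuration is needed.
Is slopcheck free?
Yes, slopcheck is completely free and is released under the MIT-0 license; it can be freely downloaded, installed and used.
Which platforms does slopcheck support?
slopcheck runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed slopcheck?
It is developed and maintained by Matthew Schaller (@mattschaller); the current version is v0.1.2.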