martc03

Soil Rich Ops

Author: Martin · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 352
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install soilrich-ops
Description
Manage Soil Rich by John — website updates, blog/social content, ISDA compliance, orders, FFA programs. Notion-powered.
Safe usage advice
This skill appears to do what it says (manage website, Notion content, compliance data), but the SKILL.md expects access to local repos, an iCloud Documents folder, and external APIs (Notion, Netlify) while the registry declares no required credentials or paths. Before installing, ask the author to: (1) explicitly list required environment variables (e.g., NOTION_TOKEN, NETLIFY_AUTH_TOKEN, repo SSH key) and any config paths, (2) explain why the iCloud Documents path is needed and restrict file access to only the necessary files, (3) confirm which commands will be run and whether deployments require explicit user approval (ensure deploys cannot happen without explicit consent), and (4) provide the 'site-deployer' skill’s identity and behavior (since deploys are delegated). If you cannot get clear answers, avoid granting the skill access to your website repo, iCloud folders, or API tokens. Consider running it in a sandbox or giving it read-only test data/credentials first.
Functional analysis
Type: OpenClaw Skill
Name: soilrich-ops
Version: 1.0.0
The skill is classified as suspicious due to the potential for shell injection vulnerabilities. The `soil site update` command takes user-controlled `[page]` and `[content]` arguments, which are then used to modify files in `~/soilrich-website/` and commit changes via `git`. If these inputs are not rigorously sanitized by the agent before being passed to shell commands, an attacker could inject arbitrary commands. While the skill's stated purpose is benign, this vulnerability, combined with the broad `git` and `npm` command permissions, presents a significant risk of unauthorized code execution within the agent's environment.
Capability assessment
Purpose & Capability
The skill's purpose (website updates, Notion-driven content, compliance, orders, FFA) aligns with the instructions (editing a local website repo, reading Notion DBs, deploying to Netlify). However the metadata/registry listing declares no required binaries, env vars, or config paths while the SKILL.md explicitly lists file access to ~/soilrich-website and an iCloud path and network access to api.notion.com and api.netlify.com and commands git/npm/netlify. That mismatch between claimed requirements and actual runtime needs is incoherent and should be resolved before use.
Instruction Scope
The SKILL.md instructs the agent to modify files in ~/soilrich-website, read label files in an iCloud Documents path, commit changes with git, run npm/netlify-related deployments, and read multiple Notion databases. It also says it can 'search the web' for FFA events but only lists api.notion.com/api.netlify.com as network targets. These instructions reference user-local files and external services beyond what the registry declared and grant broad discretion to access and change local content (website repo and label files).
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which lowers supply-chain risk because nothing is downloaded or written by an installer. The main runtime risk comes from the actions the agent will be instructed to take (file edits, network calls).
Credentials
The SKILL.md requires access to Notion and Netlify APIs and local repositories, but the skill registry lists no required environment variables or primary credential. Expected credentials (e.g., NOTION_TOKEN, NOTION_INTEGRATION, NETLIFY_AUTH_TOKEN, or repository access tokens/SSH keys) are missing from the declared requirements. The skill also references an iCloud Documents path which could contain other sensitive files; no justification or limits are declared. Missing declarations impede user consent and least-privilege review.
Persistence & Privilege
always is false (good). The skill will modify local files and commit/deploy when invoked and may be able to run commands like git/npm/netlify; autonomous invocation is allowed by default but not flagged here. There's no indication it requests permanent system-wide changes or modifies other skills' configs. Still, the skill's ability to edit local repo files and access iCloud-stored documents is a non-trivial privilege the user should explicitly authorize.
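How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install soilrich-ops
  3. Once installed, invoke the Skill by name or trigger it with /soilrich-ops
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history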
v1.0.0
Initial release of soilrich-ops — manage Soil Rich by John operations from your phone.
- Update and deploy website content via Next.js/Netlify.
- Draft blog and social posts, saved directly to Notion.
- Look up product ISDA compliance and label requirements.
- Track orders and customer information from Notion Orders database.
- Manage FFA program info, sponsorships, and events.
- All actions integrated with Notion-powered databases and file access.
Metadata
Slug soilrich-ops
Version 1.0.0
License
Total installs 0
Current installs 0
Version count 1
FAQ

What is Soil Rich Ops?

Manage Soil Rich by John — website updates, blog/social content, ISDA compliance, orders, FFA programs. Notion-powered. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 352 total downloads so far.

How do I install Soil Rich Ops?

Run the command "/install soilrich-ops" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Soil Rich Ops free?

Yes, Soil Rich Ops is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Soil Rich Ops support?

Soil Rich Ops runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Soil Rich Ops?

Developed and maintained by Martin (@martc03); the current version is v1.0.0.
