Total downloads: 726
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install solo-audit
Description
Health check knowledge base for broken links, missing frontmatter, tag inconsistencies, and coverage gaps. Use when user says "audit KB", "check frontmatter"...
Safe usage advice
This skill appears to do what it says: scan markdown files for frontmatter, links, tags, orphans, and coverage gaps. Before installing/using it, note two practical cautions: (1) it may execute any link-checker scripts found in your repo (it runs Bash and project scripts if present) — only run it against repositories you trust or run it inside a sandbox/container; (2) confirm what the listed tool mcp__solograph__kb_search is in your environment (it may call an internal search helper). No credentials or external downloads are requested. If you want extra safety, run the audit manually or review the audit output before applying any automated fixes.
Functional analysis
Type: OpenClaw Skill
Name: solo-audit
Version: 1.4.1
The skill bundle is classified as suspicious due to a critical arbitrary code execution vulnerability. In SKILL.md, Step 4 instructs the AI agent to 'run it as well' if a script named `scripts/check_links.py` exists in the project. Given that `Bash` is an `allowed-tool`, this instruction allows for the execution of arbitrary code present in the user's project, creating a prompt injection vulnerability that leads to remote code execution (RCE). While the skill bundle itself does not contain malicious payloads, it provides a mechanism for an attacker (or a compromised project) to execute arbitrary commands via the agent.
Capability assessment
Purpose & Capability
Name/description match the instructions: the SKILL.md describes finding .md files, checking frontmatter, tags, links, orphans, and coverage—all appropriate for a knowledge-base audit. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions are focused on KB content and use Read, Grep, Glob, Bash and an internal search tool to analyze markdown files. The SKILL.md also says 'if a link-checking script exists in the project, run it' — this will execute project-supplied scripts if present, which is within audit scope but means the agent can run arbitrary code from the repository. Users should be aware of that execution risk.
Install Mechanism
No install spec and no code files — instruction-only. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requires no environment variables, credentials, or config paths. Requested access is limited to repository files and optional local scripts, which is proportional to an audit task.
Persistence & Privilege
always is false and the skill does not request elevated or persistent privileges. It can be invoked autonomously (default), which is normal; there's no evidence of modifications to other skills or global agent settings.
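How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install solo-audit
- Once installation completes, invoke the Skill by name or trigger it with /solo-audit
- Provide the required inputs according to the Skill's parameter description to get structured output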
Version history
v1.4.1
Universalize: remove project-specific references, add SearXNG recommendation
v1.4.0
Initial ClawHub release
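FAQ
What is Audit?
Health check knowledge base for broken links, missing frontmatter, tag inconsistencies, and coverage gaps. Use when user says "audit KB", "check frontmatter"... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 726 cumulative downloads to date.
How do I install Audit?
Run the command "/install solo-audit" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Audit free?
Yes, Audit is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Audit support?
Audit runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Audit?
Developed and maintained by Rust (@fortunto2); the current version is v1.4.1.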