← 返回 Skills 市场
fortunto2

Validate

作者 Rust · GitHub ↗ · v2.1.1
cross-platform ⚠ suspicious
702
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install solo-validate
功能描述
Score startup idea through S.E.E.D. niche check + STREAM 6-layer analysis + Devil's Advocate inversion, auto-pick stack, and generate PRD with acceptance cri...
安全使用建议
This skill appears coherent and reasonably low-risk, but review these practical considerations before installing or running: - It will read local markdown/docs (manifest, research.md, etc.) and may write generated PRDs to the project. Run it in a workspace that doesn't contain sensitive or private documents you don't want scanned or modified. - The skill performs web searches and (if available) will use MCP KB/project/web search tools; it does not send data to unknown external endpoints beyond normal web search. Still review any output before sharing externally. - Because Read/Grep/Bash/Write/Edit are allowed, the agent could modify files — back up important repo content or run in an isolated copy if you want to prevent accidental changes. - No credentials or installs are requested, so there's no secret-exfiltration signal in the manifest. If you later add MCP tools that provide access to additional data sources, consider whether those tools should be restricted. If you want extra caution: try the skill on a small, non-sensitive idea first and inspect generated files and logs to confirm behavior matches expectations.
功能分析
Type: OpenClaw Skill Name: solo-validate Version: 2.1.1 The `solo-validate` skill, while designed for a legitimate purpose, is classified as suspicious due to the presence of a significant shell injection vulnerability. Specifically, in `SKILL.md` (Step 2), the agent is instructed to 'Grep for idea keywords' using user-provided `$ARGUMENTS`. If the underlying agent's `Grep` or `Bash` execution does not properly sanitize this user input, it could allow an attacker to execute arbitrary shell commands. The skill also allows `Write` operations to `docs/prd.md`, which, while intended for legitimate document generation, could be a vector for content injection if not handled robustly. There is no evidence of intentional malicious behavior such as data exfiltration, persistence, or unauthorized remote control.
能力评估
Purpose & Capability
The name/description (idea validation, PRD generation, STREAM/S.E.E.D./Manifest checks) align with the skill's requests and capabilities: it uses local .md searches, bundled reference documents, web searches, and optional MCP KB/project/web search tools. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
SKILL.md confines searches to markdown/docs and uses web searches and bundled references for analysis, which is appropriate. Caveat: allowed-tools include Read/Grep/Bash/Write/Edit — the instructions do ask the agent to read and potentially write project files (search .md, look for research.md, generate PRD). This is coherent for a validation/PRD skill but means it will access and may modify repository docs; confirm you want that behavior in the current workspace before running.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes disk persistence and arbitrary code execution risk.
Credentials
No environment variables, credentials, or config paths are requested. The skill's use of MCP-specific tools is optional and appropriate; nothing asks for unrelated secrets or cloud credentials.
Persistence & Privilege
always is false and the skill is user-invocable. It may write PRD files (Write/Edit are allowed) but does not request system-wide or other-skills' configuration changes. Autonomous invocation is allowed by platform default but not granted elevated 'always' presence.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install solo-validate
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /solo-validate 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.1.1
Universalize: remove project-specific references, add SearXNG recommendation
v2.1.0
Initial publish
元数据
Slug solo-validate
版本 2.1.1
许可证
累计安装 0
当前安装数 0
历史版本数 2
常见问题

Validate 是什么?

Score startup idea through S.E.E.D. niche check + STREAM 6-layer analysis + Devil's Advocate inversion, auto-pick stack, and generate PRD with acceptance cri... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 702 次。

如何安装 Validate?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install solo-validate」即可一键安装,无需额外配置。

Validate 是免费的吗?

是的,Validate 完全免费(开源免费),可自由下载、安装和使用。

Validate 支持哪些平台?

Validate 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Validate?

由 Rust(@fortunto2)开发并维护,当前版本 v2.1.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论