← 返回 Skills 市场
Sop Architect
作者
balkanblbn
· GitHub ↗
· v1.1.0
456
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install sop-architect
功能描述
Automatically generates detailed Standard Operating Procedures (SOPs) for recurring digital tasks. Ideal for scaling agency operations or documenting interna...
安全使用建议
This skill appears to do what it says: it generates SOP markdown files and contains a small bash helper. No network calls or credentials are requested. Before installing, consider: 1) review or sanitize task names you pass to avoid accidental path traversal or file overwrite (the script does not sanitize '..' segments); 2) run the skill from a safe working directory or container so file writes cannot overwrite important files; 3) if you expect to use untrusted input for task names, modify the script to reject or sanitize non-alphanumeric characters. Otherwise the skill is coherent and low-risk.
功能分析
Type: OpenClaw Skill
Name: sop-architect
Version: 1.1.0
The `scripts/generate_sop.sh` file contains a shell injection vulnerability. The unquoted use of `$TASK_NAME` in the `echo "# SOP: $TASK_NAME" > "$FILE"` command allows for command substitution. If the `TASK_NAME` argument (derived from user input by the agent) contains constructs like `$(command)`, the embedded command will be executed, posing a remote code execution risk. This is a vulnerability that allows attacks, classifying it as suspicious rather than malicious due to the lack of clear intent for self-exploitation or other harmful actions within the skill's design.
能力评估
Purpose & Capability
Name/description match the provided files. SKILL.md describes generating SOPs and the included script creates SOP markdown files from provided inputs — this is proportionate to the stated purpose.
Instruction Scope
Runtime instructions stay within the skill's purpose and only describe composing SOP content and saving it under SOPs/<task-name>.md. One implementation detail: scripts/generate_sop.sh writes files using the raw task name (spaces replaced with underscores) and does not sanitize path traversal segments (e.g., TASK_NAME='../foo' leads to SOPs/../foo.md which resolves outside the SOPs directory). This is a minor safety/overwrite risk but not evidence of malicious intent.
Install Mechanism
No install spec; instruction-only skill with a small helper script. Nothing is downloaded or executed from external URLs.
Credentials
No environment variables, credentials, or config paths are requested. SKILL.md suggests documenting 'access levels' in SOP content but does not request or access any secrets.
Persistence & Privilege
always is false and the skill does not request persistent privileges or modify agent-wide configuration. It writes files only under the working directory (with the minor path-traversal caveat noted).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install sop-architect - 安装完成后,直接呼叫该 Skill 的名称或使用
/sop-architect触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Added SOP generation script
v1.0.0
Workflow automation and documentation
元数据
常见问题
Sop Architect 是什么?
Automatically generates detailed Standard Operating Procedures (SOPs) for recurring digital tasks. Ideal for scaling agency operations or documenting interna... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 456 次。
如何安装 Sop Architect?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install sop-architect」即可一键安装,无需额外配置。
Sop Architect 是免费的吗?
是的,Sop Architect 完全免费(开源免费),可自由下载、安装和使用。
Sop Architect 支持哪些平台?
Sop Architect 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Sop Architect?
由 balkanblbn(@balkanblbn)开发并维护,当前版本 v1.1.0。
推荐 Skills