Sort
Author: BytesAgain2 (GitHub) · v3.0.2 · MIT-0
Total downloads: 307
Favorites: 0
Current installs: 2
Versions: 8
Install in OpenClaw
/install sort
Description
Sort files, lines, and columns with custom ordering and dedup. Use when scanning duplicates, monitoring changes, reporting results, alerting anomalies.
Security usage advice
This skill appears coherent and local-only: it sorts and analyses files using a bundled shell script and standard utilities. Before installing or invoking it, be aware that it will create ~/.local/share/sort/history.log and append entries containing the filenames and operation details (counts, flags). If you plan to run it on sensitive files, either inspect the script yourself, run it in a sandbox, or clear/relocate the history file afterwards. Also note the python fallback embeds the provided JSON key into inline Python code (unescaped), which is fine for normal keys but could misbehave with unexpected characters—prefer using jq if available. Otherwise there are no requested credentials or network endpoints to be concerned about.
Functional analysis
Type: OpenClaw Skill
Name: sort
Version: 3.0.2
The skill bundle contains a critical command injection vulnerability in the `cmd_json` function within `scripts/script.sh`. The Python fallback implementation for JSON sorting interpolates the `${key}` and `${file}` variables directly into a `python3 -c` command string and a Python f-string, allowing for arbitrary code execution (RCE) if a malicious key or filename is provided. While the tool's functionality is consistent with its stated purpose and it includes documented local logging to `~/.local/share/sort/history.log`, the lack of input sanitization in a high-risk execution context warrants a suspicious classification.
Capability assessment
Purpose & Capability
Name/description match the code and instructions: the script implements line/csv/json/dedup/shuffle/rank/top/freq/stats operations. No unrelated credentials, binaries, or network access are requested.
Instruction Scope
Runtime instructions are focused on file-processing commands and match the included script. The SKILL.md and script explicitly log operations to ~/.local/share/sort/history.log; this is in-scope for an audit trail but is additional data collection the user should expect.
Install Mechanism
No install spec or external downloads; the skill is instruction + an included shell script. It relies on standard OS utilities (sort, awk, head, tail, etc.) and optionally jq/python3 if available.
Credentials
No environment variables, credentials, or config paths are required. The script checks for optional tools (jq, python3) but does not request secrets or unrelated tokens.
Persistence & Privilege
The script creates ${HOME}/.local/share/sort and appends operations to history.log. This is limited persistence (per-user) and appears reasonable for audit logging, but it will store filenames and operation metadata locally.
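How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the dialog box: /install sort
- After installation completes, call the Skill by name or use /sort to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output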
Version history
v3.0.2
v3.0.2: Fixed SKILL.md alignment — declared data storage, env vars, fixed python3 injection.
v3.0.1
v3.0.1: SKILL.md rewritten to match new script commands.
v3.0.0
v3.0.0: Complete rewrite — real sort commands instead of logging template.
v2.0.1
update
v2.0.0
v2.5 standard: Use-when desc, homepage, source, security fix
v1.0.2
old template -> domain-specific v2.0.0
v1.0.1
old template -> domain-specific v2.0.0
v1.0.0
Initial release
FAQ
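What is Sort?
Sort files, lines, and columns with custom ordering and dedup. Use when scanning duplicates, monitoring changes, reporting results, alerting anomalies. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 307 cumulative downloads so far.
How do I install Sort?
Run the command "/install sort" in the OpenClaw or Claude Code dialog box for a one-click install; no additional configuration is required.
Is Sort free?
Yes, Sort is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.
Which platforms does Sort support?
Sort is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Sort?
It is developed and maintained by BytesAgain2 (@ckchzh); the current version is v3.0.2.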