← 返回 Skills 市场
683
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install sun-path
功能描述
Generates a sun path diagram, calculates solar position, performs building shadow analysis, and analyzes thermal comfort.
安全使用建议
This skill appears to do exactly what it says: local Python scripts that calculate solar geometry, shadowing, and create plots. Before installing or using it: 1) Review and run the scripts in a controlled environment (virtualenv/container) and install the requirements from requirements.txt rather than system-wide. 2) Be mindful of the SKILL.md instruction to 'execute without confirmation' — if you allow autonomous agent invocation, the agent may run the scripts immediately when asked; if you want manual control, disable autonomous invocation or require confirmation. 3) When using terrain_shadow, only pass DEM files you trust and watch memory/CPU usage (the algorithm is potentially slow for large rasters). 4) PUBLISH.md contains deployment notes and an IP address (author's example); that is documentation only and not executed by the skill — nevertheless, verify the author's identity/source if you prefer published skills from known repos. 5) If you need stricter controls, run the skill in an isolated agent or sandbox and monitor file outputs under the allowed media dirs before enabling it for broad/autonomous use.
功能分析
Type: OpenClaw Skill
Name: sun-path
Version: 1.4.1
The skill is classified as suspicious due to the `shell:exec` permission and the agent instructions in `SKILL.md` that direct the agent to execute Python scripts with user-controlled arguments. While the scripts themselves appear to perform their stated functions (solar calculations, plotting), the direct execution of `python3 scripts/*.py` with user-provided `--output` paths (e.g., `/tmp/shadow.png`) creates a potential path for shell injection if the agent were to pass unsanitized user input directly to the shell command. The `PUBLISH.md` file also contains `rsync` and `npm` commands, which, while part of a deployment process, highlight the broad shell access available. There is no clear evidence of intentional malicious behavior like data exfiltration or persistence, but the combination of `shell:exec` and user-controlled arguments represents a significant vulnerability.
能力评估
Purpose & Capability
Name/description match the included scripts and requirements. The Python scripts implement sun-position, sun-path plotting, building shadow, annual hours, terrain DEM shadow, and a psychrometric plot; the listed Python packages are appropriate for these tasks.
Instruction Scope
SKILL.md instructs the agent to run the included scripts via shell exec and to write/send generated images from allowed media dirs. This stays within the skill's purpose. One attention point: the instructions explicitly say 'Do not ask for confirmation; execute and return the image and a short summary' — that reduces user-interaction checks and could lead to unexpected immediate execution if the agent is allowed autonomous invocation. Functionally, however, the commands only read user-specified inputs (coordinates, DEM path, building dims) and write outputs.
Install Mechanism
No install spec is present (instruction-only), so nothing is downloaded or executed at install time. Dependencies are standard Python packages listed in requirements.txt; the README asks the user to run pip install -r requirements.txt manually. No remote URLs or archive extraction occur during install.
Credentials
The skill declares no environment variables, no credentials, and no config paths. The scripts don't read env vars or secret files — they operate on parameters and user-supplied DEM files only. This is proportionate to the stated functionality.
Persistence & Privilege
always is false and the skill does not request persistent or system-wide changes. However, because SKILL.md requires shell exec and instructs the agent to run scripts without asking for confirmation, an autonomously-invoked agent (the platform default) could execute those scripts immediately when triggered. That increases the practical blast radius but is coherent with the skill's operation (image generation) and not excessive by itself.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install sun-path - 安装完成后,直接呼叫该 Skill 的名称或使用
/sun-path触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.4.1
Patch: OpenClaw allowed media paths docs.
v1.4.0
requirements.txt and Setup section for dependencies.
v1.3.1
Image output and agent behavior: run scripts directly, send PNG to Telegram.
v1.3.0
Annual sun hours, terrain DEM shadow, psychrometric comfort; doc and publish in English.
元数据
常见问题
Sun Path & Environmental Analysis 是什么?
Generates a sun path diagram, calculates solar position, performs building shadow analysis, and analyzes thermal comfort. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 683 次。
如何安装 Sun Path & Environmental Analysis?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install sun-path」即可一键安装,无需额外配置。
Sun Path & Environmental Analysis 是免费的吗?
是的,Sun Path & Environmental Analysis 完全免费(开源免费),可自由下载、安装和使用。
Sun Path & Environmental Analysis 支持哪些平台?
Sun Path & Environmental Analysis 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Sun Path & Environmental Analysis?
由 AddinCui(@qrost)开发并维护,当前版本 v1.4.1。
推荐 Skills