← 返回 Skills 市场
cole-z

Tarkov API + Wiki Hardcore Assistant

作者 ColeZ · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
726
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install tarkov-api
功能描述
Security-focused Tarkov.dev + optional EFT Wiki operations for hardcore Escape from Tarkov players. Use when users want reliable EFT data lookups (items, pri...
安全使用建议
This skill appears to do what it says: query api.tarkov.dev and optionally the EFT wiki, and convert results into gamer-friendly recommendations. Before installing: (1) only use --allow-unsafe-endpoint if you trust the alternate host; the script refuses non-official endpoints by default, which is good; (2) when using stash-value, only point to data files you control — do not pass paths to sensitive local files you wouldn't want included in requests or printed output; (3) it's pure Python stdlib (no third-party downloads), so review the single script if you want extra assurance; (4) if you enable autonomous agent invocation, remember the agent could call the skill and cause outbound requests (this is standard behavior). If you need higher assurance, run the script locally in a sandbox and inspect network traffic or the source before granting runtime access.
功能分析
Type: OpenClaw Skill Name: tarkov-api Version: 1.0.2 The skill is classified as suspicious due to a Local File Inclusion (LFI) vulnerability in the `stash-value` command within `scripts/tarkov_api.py`. The script directly reads the file path provided by the `--items-file` argument without validation or sandboxing, allowing a prompt-injected AI agent to potentially read arbitrary files on the system (e.g., `/etc/passwd`, `~/.ssh/id_rsa`). While the skill's overall design and documentation (`SKILL.md`, `references/security-model.md`) emphasize security and explicitly forbid malicious actions like remote code execution, this LFI risk constitutes a significant vulnerability that could lead to sensitive data exposure.
能力评估
Purpose & Capability
Name/description (Tarkov data + wiki) aligns with included script and docs: the code only calls the Tarkov GraphQL endpoint and the EFT fandom wiki API, exposes item/status/task/price commands, and documents those features. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md and the Python script keep scope narrow and include explicit security rules (use api.tarkov.dev by default, bound limits, avoid executing remote code). One practical scope note: stash-value reads a user-supplied file path and will parse and use its contents — this is expected for stash snapshots but means the user should not point the skill at sensitive local files.
Install Mechanism
No install spec; skill is instruction + a single Python script that uses only stdlib modules (urllib, json, csv, etc.). No downloads, package installs, or external installers are present.
Credentials
No environment variables, secrets, or external credentials are required. The code does not read extraneous env vars. Network access is limited to the declared endpoints (with an explicit --allow-unsafe-endpoint override required to contact other hosts).
Persistence & Privilege
Skill is not marked always:true and does not request persistent system-wide changes. It does not modify other skills or system config. Autonomous invocation remains enabled by platform default (no unusual privilege in the skill itself).
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install tarkov-api
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /tarkov-api 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Harden wiki usage policy: wiki calls are now conditional (not default), added outbound request notice, and clarified API-first behavior with minimal-purpose wiki validation.
v1.0.1
Add Data Sources & Attribution section (Tarkov.dev API + EFT Wiki), clarify citation and minimal-excerpt guidance, and reinforce in-game verification after patches.
v1.0.0
Initial release: secure Tarkov.dev + EFT wiki workflows, raid-kit recommendations, map risk, stash value, trader flip, and task/wiki reference support.
元数据
Slug tarkov-api
版本 1.0.2
许可证
累计安装 0
当前安装数 0
历史版本数 3
常见问题

Tarkov API + Wiki Hardcore Assistant 是什么?

Security-focused Tarkov.dev + optional EFT Wiki operations for hardcore Escape from Tarkov players. Use when users want reliable EFT data lookups (items, pri... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 726 次。

如何安装 Tarkov API + Wiki Hardcore Assistant?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install tarkov-api」即可一键安装,无需额外配置。

Tarkov API + Wiki Hardcore Assistant 是免费的吗?

是的,Tarkov API + Wiki Hardcore Assistant 完全免费(开源免费),可自由下载、安装和使用。

Tarkov API + Wiki Hardcore Assistant 支持哪些平台?

Tarkov API + Wiki Hardcore Assistant 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Tarkov API + Wiki Hardcore Assistant?

由 ColeZ(@cole-z)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论