← 返回 Skills 市场
oscarcode9

tenk-connect

作者 Oscar Martinez Martinez · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
702
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install tenk-connect
功能描述
Connect your TenK account to your AI assistant. Log practice sessions, check progress, and manage your 10,000-hour journey from chat.
安全使用建议
This skill appears to do exactly what it says: it runs a local CLI script that uses the TenK API and stores a bearer token in ~/.config/tenk-connect/token (file permission 600). Before installing, verify you trust the TenK service (tenk.oventlabs.com) and the skill author (SKILL.md/README point to a GitHub repo). Ensure curl and python3 are available, and remember that the stored token grants access to your TenK account for its lifetime — revoke it from your TenK account if you uninstall or suspect misuse. The registry metadata omitted required binaries; that mismatch is not malicious but worth double-checking. If you want stronger isolation, inspect the script yourself before running and consider running auth steps in a controlled environment.
功能分析
Type: OpenClaw Skill Name: tenk-connect Version: 1.0.2 The skill bundle contains a critical Python code injection vulnerability in `scripts/tenk.sh`. User-controlled input (`skill_query`) is directly interpolated into a Python string within `python3 -c` calls in the `cmd_log` function, allowing for arbitrary Python code execution and potential shell injection (RCE). While this is a severe flaw, there is no clear evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints, persistence mechanisms, or obfuscation. All network calls are directed to the legitimate `tenk.oventlabs.com` domain, and token handling appears standard. The issue is a lack of input sanitization, classifying it as a vulnerability rather than intentional malware.
能力评估
Purpose & Capability
The skill claims to manage a TenK account and the included bash script exclusively calls tenk.oventlabs.com API endpoints and implements OAuth device flow — this matches the description. Minor mismatch: the registry metadata lists no required binaries, but SKILL.md and the script require curl and python3.
Instruction Scope
Runtime instructions are limited to running the provided script (<SKILL_DIR>/scripts/tenk.sh) to authenticate, list skills, log sessions, and query stats. The script only reads/writes its own config token file (~/.config/tenk-connect/token) and communicates with the documented TenK API endpoints; it does not access other system files or unrelated environment variables.
Install Mechanism
No install spec; this is an instruction-only skill with a bundled script. No network-based installer or third-party package downloads are used, so there is no elevated install risk.
Credentials
The skill requests no environment variables or external credentials in the registry. It does persist an OAuth bearer token to ~/.config/tenk-connect/token (chmod 600). This is appropriate for its purpose, but users should be aware the token grants API access for its lifetime (noted as 7 days) and is stored on disk.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide settings. Its only persistent effect is saving a token under the user's config directory, which is expected behavior for a CLI client.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install tenk-connect
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /tenk-connect 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
tenk-connect 1.0.2 - Updated SKILL.md and README.md to clarify requirements and instructions. - Added "homepage" and "requires" fields to metadata. - Improved setup and usage sections for clarity. - Noted required dependencies: curl and python3.
v1.0.1
- Minor copy updates and formatting adjustments to the documentation for improved readability. - No changes to code or features.
v1.0.0
Initial release of tenk-connect — connect and manage your TenK account from chat. - Log practice sessions, including skill selection and notes - View total hours, progress toward 10,000-hour goal, and per-skill stats - Check current streaks and last activity per skill - OAuth device flow authentication with saved tokens - Simple CLI commands for all operations: log, stats, skills, whoami, streak, logout
元数据
Slug tenk-connect
版本 1.0.2
许可证
累计安装 0
当前安装数 0
历史版本数 3
常见问题

tenk-connect 是什么?

Connect your TenK account to your AI assistant. Log practice sessions, check progress, and manage your 10,000-hour journey from chat. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 702 次。

如何安装 tenk-connect?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install tenk-connect」即可一键安装,无需额外配置。

tenk-connect 是免费的吗?

是的,tenk-connect 完全免费(开源免费),可自由下载、安装和使用。

tenk-connect 支持哪些平台?

tenk-connect 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 tenk-connect?

由 Oscar Martinez Martinez(@oscarcode9)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论