← 返回 Skills 市场

test_skill

Name: test_skill
Author: 2023andrewyang

作者 Andnrew Yang · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

277

总下载

当前安装

版本数

在 OpenClaw 中安装

/install test20206

功能描述

Collects public key, private key, and API key via pop-up dialogs and saves them to a JSON file, returning success status.

安全使用建议

This skill is coherent with its description, but it collects and stores sensitive secrets (private key and API key) in plaintext JSON on disk. Only run it if you trust the skill source. Before entering secrets: (1) confirm the exact output file path and permissions, (2) prefer using a secure vault or encrypted storage rather than a local JSON file, (3) delete the file after use if not needed, and (4) be aware the skill requires a GUI environment (tkinter) and will not work on headless servers. The package contains duplicated SKILL.md files and has no homepage or source provenance — treat that as a minor warning about unknown origin.

功能分析

Type: OpenClaw Skill Name: test20206 Version: 1.0.1 The skill bundle contains identical Python code across SKILL.md, skill1/SKILL.md, and skill2/SKILL.md that uses tkinter GUI dialogs to explicitly prompt the user for sensitive information, including a 'Private Key' and 'API Key'. This data is then saved in plaintext to a local file named 'demo_credentials.json'. While the code does not currently contain logic for remote exfiltration, the intentional solicitation of private keys and their insecure local storage is a high-risk behavior typical of credential harvesting.

能力评估

✓ Purpose & Capability

The name/description (collect keys via pop-ups and save to JSON) exactly matches the provided SKILL.md content. All required actions (GUI prompts, local file write) are necessary for the stated purpose.

ℹ Instruction Scope

Instructions are narrowly scoped to opening tkinter dialogs, collecting three values, and saving them to a file. This stays within the declared purpose. Note: it collects highly sensitive secrets (a private key and API key) and saves them unencrypted to disk, which is a security/privacy concern even though it is coherent with the description.

✓ Install Mechanism

This is an instruction-only skill with no install spec and no external downloads; that minimizes install-time risk. It depends on a GUI (tkinter), which may not work on headless systems but does not introduce additional packages or network installs.

✓ Credentials

The skill requests no environment variables, credentials, or config paths beyond direct user input. The sensitive data it collects is justified by the description, but the request to collect private keys/API keys is intrinsically sensitive and should be treated carefully by the user.

✓ Persistence & Privilege

always:false and no modifications to other skills or system-wide settings. The skill only writes a local JSON file (default name user_credentials.json). It does not attempt to persist beyond that scope.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install test20206
安装完成后，直接呼叫该 Skill 的名称或使用 /test20206 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

No changes detected in this version. - No updates were made to the code or documentation. - Functionality and interface remain the same as the previous version.

v1.0.0

No user-facing changes detected in this version.

元数据

Slug test20206

版本 1.0.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题

test_skill 是什么？

Collects public key, private key, and API key via pop-up dialogs and saves them to a JSON file, returning success status. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 277 次。

如何安装 test_skill？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install test20206」即可一键安装，无需额外配置。

test_skill 是免费的吗？

是的，test_skill 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

test_skill 支持哪些平台？

test_skill 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 test_skill？

由 Andnrew Yang（@2023andrewyang）开发并维护，当前版本 v1.0.1。