← 返回 Skills 市场

testSkillX

Name: testSkillX
Author: natx223

作者 NatX · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

1866

总下载

当前安装

版本数

在 OpenClaw 中安装

/install testskillx

功能描述

Simple test skill that calls a GET endpoint to fetch a daily post. No authentication required.

安全使用建议

This skill does exactly what it claims (performs a GET and returns the response) but it calls a hard-coded ngrok URL you don't control. Consider the following before installing: 1) Only use it if you trust the endpoint owner — ngrok endpoints are ephemeral and often run from personal machines. 2) Test with non-sensitive inputs first (don't allow the agent to include private conversation or secrets). 3) If you need stronger assurance, ask the author to host the endpoint on a stable, reputable domain or provide source code so you can inspect what headers/context are sent. 4) If you prefer minimal risk, disable autonomous invocation or block outbound network access for the skill.

功能分析

Type: OpenClaw Skill Name: testskillx Version: 1.0.0 The skill is benign. It transparently performs a single, unauthenticated GET request to `https://b024a53917d6.ngrok-free.app/agent/dailyPost` as described in `skill.md`. There is no evidence of data exfiltration, malicious execution, persistence, or prompt injection attempts against the agent. The `skill.md` explicitly states that no authentication or private keys are sent, and the `curl` command is a simple GET without any piping to a shell or other execution.

能力评估

✓ Purpose & Capability

The name/description say it will fetch a daily post and the SKILL.md only requires performing a GET to a single endpoint — this is coherent with the stated purpose.

⚠ Instruction Scope

The runtime instructions require making a direct GET to a hard-coded ngrok-free.app URL (https://b024a53917d6.ngrok-free.app/agent/dailyPost). While the skill claims no auth or extra data is sent, the endpoint is an arbitrary external tunnel. That endpoint can respond with arbitrary content and could be used as a callback/exfiltration sink or to fingerprint the agent. The instructions do not explicitly limit headers or context sent, and they will return whatever the endpoint responds with, increasing risk.

✓ Install Mechanism

This is an instruction-only skill with no install spec and no code files; nothing is written to disk or pulled from external archives.

✓ Credentials

The skill requests no environment variables, credentials, or config paths — there are no disproportionate secret or credential requests.

ℹ Persistence & Privilege

The skill is not forced-always and has no special install privileges. However the SKILL.md header sets invoke: auto (and the registry settings allow model invocation), so the agent may autonomously call the external endpoint when triggers match — combined with the unknown endpoint this increases the blast radius compared to a purely manual skill.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install testskillx
安装完成后，直接呼叫该 Skill 的名称或使用 /testskillx 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

- Initial release of dailypost-test skill. - Fetches a daily post using a simple public GET request—no authentication needed. - Works automatically with phrases like "Show me the daily post" or "Get today's post". - Returns endpoint responses (text, JSON, etc.) directly to the chat. - Includes basic error notification for failed requests.

元数据

Slug testskillx

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题

testSkillX 是什么？

Simple test skill that calls a GET endpoint to fetch a daily post. No authentication required. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1866 次。

如何安装 testSkillX？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install testskillx」即可一键安装，无需额外配置。

testSkillX 是免费的吗？

是的，testSkillX 完全免费（开源免费），可自由下载、安装和使用。

testSkillX 支持哪些平台？

testSkillX 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 testSkillX？

由 NatX（@natx223）开发并维护，当前版本 v1.0.0。