← 返回 Skills 市场

TRIGGERcmd - Run commands on your computers remotely

Name: TRIGGERcmd - Run commands on your computers remotely
Author: rvmey

作者 rvmey · GitHub ↗ · v1.0.4

cross-platform ✓ 安全检测通过

699

总下载

当前安装

版本数

在 OpenClaw 中安装

/install triggercmd

功能描述

Control TRIGGERcmd computers remotely by listing and running commands via the TRIGGERcmd REST API.

安全使用建议

This skill looks like a straightforward wrapper for the TRIGGERcmd REST API and is internally consistent aside from a small metadata mismatch. Before installing: 1) Confirm you trust the skill source (published source is unknown; homepage is triggercmd.com). 2) Use a limited-scope API token if TRIGGERcmd supports token scopes, and prefer setting TRIGGERCMD_TOKEN as an environment variable for ephemeral sessions rather than storing it on disk. 3) If you use the file fallback, ensure ~/.TRIGGERcmdData/token.tkn is created with chmod 600 as recommended. 4) Always review the exact command the agent plans to run and ask for confirmation before executing actions that have side effects on your machines. 5) If you need stronger assurance, request the publisher add proper registry metadata (mark TRIGGERCMD_TOKEN as primary credential) or provide a signed source/repository for inspection.

功能分析

Type: OpenClaw Skill Name: triggercmd Version: 1.0.4 The skill is designed to control TRIGGERcmd computers remotely, a powerful but legitimate function. It demonstrates strong security awareness by explicitly warning against token exposure, instructing the agent to confirm commands with side effects, and using `jq -n --arg` to prevent JSON injection in `SKILL.md`. There is no evidence of unauthorized data exfiltration, arbitrary local command execution, persistence mechanisms, or malicious prompt injection attempts against the agent.

能力评估

ℹ Purpose & Capability

Name and description match the runtime instructions: the skill only calls the TRIGGERcmd REST API and needs curl and jq. One minor inconsistency: the registry metadata lists 'Primary credential: none' while the SKILL.md clearly treats TRIGGERCMD_TOKEN as the primary credential (with a file fallback). This appears to be a metadata bookkeeping error rather than functional misalignment.

✓ Instruction Scope

SKILL.md is instruction-only and confines actions to: reading an API token (env var or single file), building Authorization headers, calling https://www.triggercmd.com/api endpoints, and parsing responses with jq. It does not instruct reading unrelated system files or contacting unexpected endpoints. It warns not to print or log the token and to confirm before running side-effecting commands.

✓ Install Mechanism

There is no install spec and no code files; the skill is instruction-only and relies on existing curl and jq binaries. This is the lowest-risk install model.

ℹ Credentials

The single required secret (TRIGGERCMD_TOKEN) is appropriate and expected for a REST-API integration. The SKILL.md documents a reasonable file fallback (~/.TRIGGERcmdData/token.tkn) with permission guidance. The only issue is the registry metadata claiming no primary credential, which conflicts with the declared required env var in the skill — this is likely a metadata mismatch.

✓ Persistence & Privilege

The skill does not request permanent presence (always: false), does not modify other skills or system-wide agent settings, and the runtime instructions do not require elevated privileges. Autonomous invocation is allowed (platform default) but not combined with other high-risk factors.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install triggercmd
安装完成后，直接呼叫该 Skill 的名称或使用 /triggercmd 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.4

- The run_command documentation now uses computer and command names directly instead of requiring IDs. - Example payload construction for run_command now uses jq to safely escape and inject arguments, reducing the risk of JSON injection. - Clarified tips for omitting parameters in the run_command section. - No code or logic changes; documentation enhancements only.

v1.0.3

- Added a homepage link to the skill metadata. - No functional changes; existing usage and authentication remain the same.

v1.0.2

- Metadata now explicitly declares "TRIGGERCMD_TOKEN" as a required environment variable. - Added detailed fallback credential information to metadata, including the recommended environment variable and token file methods. - No functional script changes; documentation and metadata improved for clarity.

v1.0.1

- Added support for TRIGGERCMD_TOKEN environment variable as a primary authentication method, with fallback to the token file. - Updated setup instructions to recommend the environment variable for better security and flexibility. - Clarified authentication, security best practices, and explicit permissions for the token file. - Updated required dependencies metadata to reflect jq as required. - Improved error handling and testing guidance for both authentication methods; split setup and troubleshooting steps for clarity.

v1.0.0

Initial version

元数据

Slug triggercmd

版本 1.0.4

许可证 —

累计安装 3

当前安装数 3

历史版本数 5

常见问题

TRIGGERcmd - Run commands on your computers remotely 是什么？

Control TRIGGERcmd computers remotely by listing and running commands via the TRIGGERcmd REST API. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 699 次。

如何安装 TRIGGERcmd - Run commands on your computers remotely？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install triggercmd」即可一键安装，无需额外配置。

TRIGGERcmd - Run commands on your computers remotely 是免费的吗？

是的，TRIGGERcmd - Run commands on your computers remotely 完全免费（开源免费），可自由下载、安装和使用。

TRIGGERcmd - Run commands on your computers remotely 支持哪些平台？

TRIGGERcmd - Run commands on your computers remotely 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 TRIGGERcmd - Run commands on your computers remotely？

由 rvmey（@rvmey）开发并维护，当前版本 v1.0.4。