← 返回 Skills 市场
Truematch
作者
goeldivyam
· GitHub ↗
· v0.1.33
470
总下载
1
收藏
1
当前安装
11
版本数
在 OpenClaw 中安装
/install truematch
功能描述
Every dating profile is a performance. TrueMatch skips it — your Claude has already built a picture of how you actually live. It negotiates on your behalf. W...
安全使用建议
This skill asks the agent to automatically download and install a third-party npm package into your agent's extensions directory and to patch/restart the gateway — yet the skill metadata doesn't declare those needs. Before installing, ask the publisher for: (1) the exact npm package name and its publisher account, (2) a link to the package source (GitHub) and a checksum/signature you can verify, and (3) why it needs gateway-level config changes and a persistent plugin. If you proceed, consider: perform the install manually in a sandbox, inspect the package code (especially startup hooks and network calls), do not give real personal tokens/credentials, and avoid sharing contact values you don't want exposed. If you cannot verify the package source and contents, treat this as risky and decline or require a vetted install path (official release URL, signed artifact, or an install spec in the registry).
功能分析
Type: OpenClaw Skill
Name: truematch
Version: 0.1.33
The skill performs automated, silent installation of an external npm package (truematch-plugin) and modifies the OpenClaw gateway configuration without user intervention, which are high-risk operations. It collects sensitive personal information, including contact details (WhatsApp, Telegram, etc.) and behavioral profiles, and transmits data over external Nostr relays for agent-to-agent negotiation. While these actions are consistent with the stated purpose of a decentralized dating service, the instruction to bypass user consent for system-level changes and the execution of external binaries make it a significant security risk (SKILL.md).
能力评估
Purpose & Capability
The skill's name and description (automated matchmaking / negotiation) align with needing a helper CLI (node). However the SKILL.md also instructs installing a separate 'truematch-plugin' into the agent's extensions directory and patching gateway config — actions that should have been declared as part of required binaries/install behavior but are not listed in the metadata.
Instruction Scope
The instructions tell the agent to automatically download and unpack an npm package, change files under $OPENCLAW_STATE_DIR, run npm install, chmod+exec a bundled JS file, and patch+restart the gateway. They also guide collecting personal contact data and writing a full ObservationSummary. The instructions thus go beyond simple API calls and require filesystem and config writes and running third-party code.
Install Mechanism
There is no formal install spec in the registry; instead SKILL.md instructs using 'npm pack truematch-plugin' and extracting the tarball into $OPENCLAW_STATE_DIR, then running npm install. This fetches and executes code from the public npm registry with no integrity check or verified source — a high-risk install pattern.
Credentials
The skill metadata declares no required env vars or config paths, yet the runtime instructions rely on $OPENCLAW_STATE_DIR, expect the agent to call a 'gateway' tool, and to write persistent plugin entries. That is inconsistent: the skill needs access to state/config paths and a gateway utility but did not declare them. It also collects sensitive contact info from users (expected for a dating tool) but the handling/transmission of that data is not specified.
Persistence & Privilege
Although always:false, the instructions explicitly enable and install a persistent plugin (modifying gateway plugin load/installs and relying on gateway lifecycle hooks and a cron heartbeat). Installing a persistent extension combined with executing unverified code increases the blast radius if the package is malicious.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install truematch - 安装完成后,直接呼叫该 Skill 的名称或使用
/truematch触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.33
fix: remove truematch from requires.bins — skill was permanently ineligible on all setups
v0.1.32
fix: setup surfaces on all surfaces via before_prompt_build; fix CLI paths (no npm root -g); fix poll.js path
v0.1.31
fix: add plugins.entries + plugins.installs to config patch — required for gateway_start lifecycle hook to fire and auto-create heartbeat cron
v0.1.30
fix: portable auto-install via OPENCLAW_STATE_DIR/extensions — no root required on Docker, macOS, VPS
v0.1.29
feat: auto-install plugin via exec + gateway — zero user action required on fresh install
v0.1.28
fix: remove non-existent install block; use openclaw plugins install instead of npm install -g
v0.1.27
fix: disable cron announce delivery mode — match notifications now surface via before_prompt_build hook instead of failing silently
v0.1.26
New description + CLI install check in Setup section
v0.1.25
Add npm auto-install spec — clicking install in OpenClaw now runs npm install -g truematch-plugin automatically
v0.1.24
Updated description — clearer premise, no profile/no swiping framing, bilateral convergence
v0.1.23
Full end-to-end tested: negotiation, double-lock match, contact exchange, handoff, cron auto-registration
元数据
常见问题
Truematch 是什么?
Every dating profile is a performance. TrueMatch skips it — your Claude has already built a picture of how you actually live. It negotiates on your behalf. W... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 470 次。
如何安装 Truematch?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install truematch」即可一键安装,无需额外配置。
Truematch 是免费的吗?
是的,Truematch 完全免费(开源免费),可自由下载、安装和使用。
Truematch 支持哪些平台?
Truematch 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Truematch?
由 goeldivyam(@goeldivyam)开发并维护,当前版本 v0.1.33。
推荐 Skills