← 返回 Skills 市场
700
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install ua1-validator-agent
功能描述
Validate PDFs against PDF/UA-1 using ua1.dev or api.ua1.dev from AI coding agents (OpenClaw, Claude Code, Codex, OpenCode). Use when an agent needs determini...
安全使用建议
This skill is coherent and implements remote PDF/UA-1 validation by uploading files to api.ua1.dev. Before installing or using it, consider: 1) Data sensitivity — the script will POST the entire PDF to an external service; do not use it with private or regulated documents unless you trust api.ua1.dev and its privacy policy. 2) Runtime dependencies — ensure curl (and mktemp) exist on the runner; jq is used to parse the verdict but is optional (the script handles jq failure gracefully). 3) You can override UA1_API_BASE to point to a trusted/self-hosted endpoint if you have one. 4) The script returns exit codes (0=pass, 2=fail, 1=transport/error) — use these in CI gates as documented. 5) Verify the service’s authenticity (TLS certificate, domain ownership) before sending sensitive files. If you need local-only validation for privacy/compliance, prefer a local validator rather than this remote API.
功能分析
Type: OpenClaw Skill
Name: ua1-validator-agent
Version: 0.1.0
The skill executes a bash script (`scripts/validate_pdf.sh`) with a user-provided file path. While the script includes a file existence check and uses `curl -F "file=@${FILE_PATH}"` (which is generally robust against shell injection within the filename itself), the direct execution of a shell script with an unsanitized argument from the agent's perspective poses a potential shell injection vulnerability. If the OpenClaw agent does not properly quote or sanitize the `FILE_PATH` argument before invoking the script, an attacker could inject arbitrary commands. This is a vulnerability that allows attacks, not intentional malice.
能力评估
Purpose & Capability
Name/description match the implementation: the script posts a PDF to https://api.ua1.dev/api/validate (compact or full) and interprets the API verdict. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions are narrowly scoped to health check and posting files for validation. The script transmits the entire PDF to an external host (api.ua1.dev) — this is expected for remote validation but is a privacy/PII consideration. The SKILL.md and registry metadata do not declare required runtime binaries: the script depends on curl and mktemp (and optionally jq).
Install Mechanism
Instruction-only skill with a small shell script; no install spec, no downloads or archive extraction. No high-risk install mechanism present.
Credentials
No credentials or sensitive environment variables are requested. Two optional env vars are documented (UA1_API_BASE, UA1_FORMAT) and are proportionate. There are no undeclared secret-access requirements.
Persistence & Privilege
Skill does not request persistent/always-on presence and does not modify other skills or system-wide settings. It runs only when invoked.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ua1-validator-agent - 安装完成后,直接呼叫该 Skill 的名称或使用
/ua1-validator-agent触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial public release: deterministic PDF/UA-1 checks for agent workflows
元数据
常见问题
UA1 Validator Agent 是什么?
Validate PDFs against PDF/UA-1 using ua1.dev or api.ua1.dev from AI coding agents (OpenClaw, Claude Code, Codex, OpenCode). Use when an agent needs determini... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 700 次。
如何安装 UA1 Validator Agent?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ua1-validator-agent」即可一键安装,无需额外配置。
UA1 Validator Agent 是免费的吗?
是的,UA1 Validator Agent 完全免费(开源免费),可自由下载、安装和使用。
UA1 Validator Agent 支持哪些平台?
UA1 Validator Agent 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 UA1 Validator Agent?
由 hajekt2(@hajekt2)开发并维护,当前版本 v0.1.0。
推荐 Skills