← 返回 Skills 市场
1227323804

错敏信息检测

作者 1227323804 · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ✓ 安全检测通过
207
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install ucap-sensitive-check
功能描述
通过调用UCAP安全接口,检测文本或网页内容中的多种敏感信息,支持智能静态和动态抓取模式,保障数据合规。
安全使用建议
This skill appears coherent and security-conscious. Before installing: 1) Review where the UCAP API endpoint(s) are called in main.py so you know what external host(s) receive data. 2) Use an isolated Python environment (venv) when pip installing the listed dependencies. 3) Do NOT enable dynamic/browser mode (DISABLE_JAVASCRIPT=False) unless you intentionally install Node/agent-browser/Chrome and you set a strict ALLOWED_DOMAINS whitelist — dynamic mode executes page JS and can create SSRF risks if misconfigured. 4) Treat the UCAP userKey like any API key: provide it only if you trust the UCAP service; the code stores it only in-process but suggests persisting as a system env var for convenience (avoid persisting secrets unless necessary). If you want extra assurance, request the maintainer to publish the UCAP API endpoint and any telemetry behavior in the code for review.
功能分析
Type: OpenClaw Skill Name: ucap-sensitive-check Version: 1.0.1 The skill is designed for sensitive information detection using the UCAP platform and demonstrates a high level of security awareness. It implements robust SSRF protections in `main.py`, including DNS resolution-based IP filtering, private/reserved network blocking, and secondary validation after URL redirects. While it utilizes `subprocess.run` to interface with an external `agent-browser` tool for dynamic content, it does so using safe argument lists and requires an explicit domain whitelist. The handling of the `userKey` via environment variables is standard for API integration, and no evidence of malicious intent, data exfiltration, or prompt injection was found.
能力评估
Purpose & Capability
Name/description claim detecting sensitive info via a UCAP API. The package contains code to fetch URLs, perform SSRF checks, and call an external API (userKey support). Required tooling (requests, dnspython, beautifulsoup) aligns with fetching/parsing/validating web content. No unrelated cloud credentials or unrelated system access are requested.
Instruction Scope
SKILL.md and main.py limit actions to: validating URLs, optionally fetching page content (static or optional browser-based), and calling the UCAP service. The docs explicitly call out SSRF risks and require a whitelist for the dynamic/browser mode; the instructions do not direct the agent to read unrelated files or exfiltrate arbitrary environment data.
Install Mechanism
There is no platform install spec (instruction-only installer), but requirements.txt and SKILL.md instruct pip installing dependencies. Dynamic mode requires external tooling (Node.js, agent-browser, Chrome) invoked via subprocess — this is optional and only necessary to enable browser rendering. This is expected for the described functionality but increases runtime footprint if dynamic mode is enabled.
Credentials
No required environment variables are declared. The code supports an optional UCAP_USERKEY (stored in process env only) to lift rate limits; this matches the described behavior. No unrelated secrets or multiple external service credentials are requested.
Persistence & Privilege
The skill does not request permanent/always-on privileges (always:false) and does not modify other skills or system-wide configs. It writes an optional userKey to the current process env only and documents this behavior. Autonomous invocation is allowed (disable-model-invocation:false) but that is the platform default and not, by itself, a risk here.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install ucap-sensitive-check
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /ucap-sensitive-check 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- 默认网页抓取模式由“智能模式(静态优先,失败自动切换动态)”调整为仅静态模式,提升安全性和易用性。 - 启用动态模式需显式设置 `DISABLE_JAVASCRIPT = False` 并强制配置 `ALLOWED_DOMAINS` 白名单,未配置时不再自动切换。 - 文档结构与说明优化,更清晰区分静态与动态模式的使用场景及安全风险。 - 移除“智能模式”相关内容,强调静态模式高安全性和对大多数网页的适用性。 - 明确动态模式额外依赖(Node.js、agent-browser、Chrome)及启用条件。
v1.0.0
- 首发版本,提供通过 UCAP 平台接口进行文本敏感信息检测的能力 - 支持智能模式(静态/动态网页抓取自动切换),动态模式需配置白名单 - 内置多层 SSRF 防护,有效阻止私有网段、云元数据等风险访问 - 支持 userKey 授权和体验用户,每周10次免费体验 - 用户输入支持文本内容或网页 URL,标准化 JSON 输入输出 - 完善的错误处理机制和详细错误码说明
元数据
Slug ucap-sensitive-check
版本 1.0.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

错敏信息检测 是什么?

通过调用UCAP安全接口,检测文本或网页内容中的多种敏感信息,支持智能静态和动态抓取模式,保障数据合规。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 207 次。

如何安装 错敏信息检测?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install ucap-sensitive-check」即可一键安装,无需额外配置。

错敏信息检测 是免费的吗?

是的,错敏信息检测 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

错敏信息检测 支持哪些平台?

错敏信息检测 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 错敏信息检测?

由 1227323804(@1227323804)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论