← 返回 Skills 市场
uf2.net URL Shortener
作者
S. Rob Beck
· GitHub ↗
· v1.0.1
487
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install uf2-net
功能描述
Create, manage, and track custom short URLs with uf2.net API; links never expire and provide click counts and public stats via simple REST calls.
安全使用建议
This skill appears to do what it says: a small CLI wrapper around uf2.net. Before installing: (1) be aware it requires your uf2.net API key (UF2_API_KEY) — prefer adding that to a secure secret store rather than plaintext shell profiles, (2) the package metadata does not list the required env var (UF2_API_KEY) although the SKILL.md and script require it — treat that as a bookkeeping error and confirm your environment handling, and (3) the included script builds JSON bodies by naive string concatenation (no escaping). That can break on inputs containing quotes/newlines and could cause malformed requests; if you accept untrusted input into the script, consider improving it to safely escape JSON (for example using jq --arg or printf with proper escaping). If you rely on this skill in an automated agent, ensure the agent's secret storage and policy enforce secure handling of UF2_API_KEY and review the script changes above.
功能分析
Type: OpenClaw Skill
Name: uf2-net
Version: 1.0.1
The skill is classified as suspicious due to critical command injection vulnerabilities found in `scripts/uf2.sh`. The `cmd_create` function directly interpolates user-provided arguments (`url`, `slug`, `title`) into a JSON string without proper shell escaping, which allows for arbitrary command execution via `$(command)` injection. Additionally, `cmd_list`, `cmd_get`, and `cmd_delete` are vulnerable to URL parameter and path injection due to direct interpolation of user input into `curl` arguments. These are significant vulnerabilities, but there is no clear evidence of intentional malicious behavior (e.g., data exfiltration, backdoors) by the skill itself, only flaws that allow an attacker to exploit the agent running the script.
能力评估
Purpose & Capability
The skill's name/description (uf2.net URL shortener) match the provided SKILL.md, API reference, and scripts: it performs link create/list/get/delete and requires an API key. However, registry metadata at the top of the package states 'Required env vars: none' and 'Primary credential: none' while SKILL.md and scripts explicitly require UF2_API_KEY — this mismatch should be corrected.
Instruction Scope
Runtime instructions are narrowly scoped to interacting with the uf2.net API via curl and the included scripts. The SKILL.md does not instruct the agent to read unrelated files or exfiltrate data to unexpected endpoints; it only references storing/using the UF2_API_KEY and using the official uf2.net endpoints.
Install Mechanism
This is an instruction-only skill with an included shell script; there is no install spec that downloads or executes remote archives or packages. No high-risk install URLs or extraction steps are present.
Credentials
The script and SKILL.md require a single API credential (UF2_API_KEY), which is appropriate for the stated functionality. The concern is the package-level metadata does not declare this required environment variable; that inconsistency could cause automation or permission checks to miss that a secret is needed. Also the SKILL.md suggests adding the API key to shell profile as one persistence option — users should prefer secure stores.
Persistence & Privilege
The skill does not request always:true or elevated/system-wide privileges and does not modify other skills or system-wide settings. It runs as an on-demand CLI wrapper using environment-provided credentials.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install uf2-net - 安装完成后,直接呼叫该 Skill 的名称或使用
/uf2-net触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Security and metadata improvements: (1) Declared UF2_API_KEY as required credential in frontmatter metadata, (2) Added comprehensive credential management section with secure storage recommendations, (3) Removed references to storing keys in plain text files, (4) Added service details (homepage, TLS, docs), (5) Added security notes section documenting link visibility and constraints, (6) Added source/homepage metadata fields. Addresses registry security review feedback.
v1.0.0
Initial release: Create, manage, and track short URLs via uf2.net API. Includes CLI wrapper, full API docs, and tracking support.
元数据
常见问题
uf2.net URL Shortener 是什么?
Create, manage, and track custom short URLs with uf2.net API; links never expire and provide click counts and public stats via simple REST calls. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 487 次。
如何安装 uf2.net URL Shortener?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install uf2-net」即可一键安装,无需额外配置。
uf2.net URL Shortener 是免费的吗?
是的,uf2.net URL Shortener 完全免费(开源免费),可自由下载、安装和使用。
uf2.net URL Shortener 支持哪些平台?
uf2.net URL Shortener 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 uf2.net URL Shortener?
由 S. Rob Beck(@setdemos)开发并维护,当前版本 v1.0.1。
推荐 Skills