← 返回 Skills 市场
80
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install use-maskrun
功能描述
Use maskrun instead of executing shell commands directly when commands may print environment variables, API keys, tokens, passwords, secrets, credentials, CI...
安全使用建议
This skill is coherent and low-risk: it only advises using the separate tool maskrun and does not request credentials. Before relying on it, verify the maskrun binary from the linked GitHub releases (check signatures or repo reputation), ensure maskrun is installed on your agent environment, and remember maskrun only masks terminal output—it does not prevent a child process from transmitting secrets, writing files, or reading env vars. Configure maskrun's filter rules to cover the variable names you care about, and avoid running commands that print secrets when you need stronger isolation (use sandboxing or revoke credentials instead).
功能分析
Type: OpenClaw Skill
Name: use-maskrun
Version: 0.1.12
The skill is a utility designed to enhance security by instructing the AI agent to wrap shell commands with 'maskrun' to prevent the accidental exposure of secrets (API keys, tokens, etc.) in logs and transcripts. It points to a legitimate GitHub repository (ctxinf/agent-env-guard) for the tool and provides standard configuration examples. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; the instructions are aligned with the stated purpose of protecting sensitive environment variables.
能力标签
能力评估
Purpose & Capability
Name/description match the SKILL.md: the sole purpose is to advise wrapping shell commands with maskrun to avoid exposing environment values. The skill asks for no binaries, env vars, or config paths beyond documenting where maskrun's own config lives—this is proportionate.
Instruction Scope
Instructions are narrowly scoped to guidance for invoking maskrun and configuring its filter rules. They do not instruct the agent to read unrelated files, exfiltrate data, or send outputs to unexpected endpoints. The skill explicitly documents maskrun's limitations (it masks output only and does not sandbox child processes).
Install Mechanism
No install spec is included (instruction-only). The SKILL.md points users to the maskrun GitHub repo and releases, which is an appropriate, standard source; nothing in the skill performs remote downloads or writes to disk itself.
Credentials
The skill declares no required environment variables or credentials. It documents where maskrun reads its config (standard per-OS locations) which is legitimate and expected for a masking tool.
Persistence & Privilege
Skill uses default privileges (not always:true) and allows agent invocation (platform default). It does not request persistent presence, nor modify other skills or system settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install use-maskrun - 安装完成后,直接呼叫该 Skill 的名称或使用
/use-maskrun触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.12
remove install methods
v0.1.11
- Initial release of use-maskrun skill.
- Guides users to run sensitive commands through `maskrun --` to mask secrets from output.
- Explains when wrapping with `maskrun` is required and when direct execution is safe.
- Provides installation and configuration instructions for maskrun.
- Describes default config file locations and config options.
- Stresses that maskrun only masks output and is not a sandbox.
元数据
常见问题
use-maskrun 是什么?
Use maskrun instead of executing shell commands directly when commands may print environment variables, API keys, tokens, passwords, secrets, credentials, CI... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 80 次。
如何安装 use-maskrun?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install use-maskrun」即可一键安装,无需额外配置。
use-maskrun 是免费的吗?
是的,use-maskrun 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
use-maskrun 支持哪些平台?
use-maskrun 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 use-maskrun?
由 ctxinf(@ctxinf)开发并维护,当前版本 v0.1.12。
推荐 Skills