← 返回 Skills 市场
Validator
作者
bytesagain4
· GitHub ↗
· v3.0.1
· MIT-0
335
总下载
0
收藏
1
当前安装
5
版本数
在 OpenClaw 中安装
/install validator
功能描述
Validate emails, URLs, phones, dates, and custom patterns. Use when sanitizing input, verifying form fields, checking formats, or enforcing rules.
安全使用建议
This skill appears to do what it says: local validation plus optional network/DNS lookups. Before using it: (1) review or run the script locally from a trusted environment; (2) avoid passing real production secrets (full credit-card numbers, private files) unless you trust the runtime, because the tool will read and process whatever file or string you provide; (3) be aware that URL/domain commands will make outbound requests if curl/dig are available (which could reveal that you checked that host); (4) YAML validation attempts to import PyYAML if present — otherwise a basic fallback is used. If those behaviors are acceptable, the skill is internally coherent.
功能分析
Type: OpenClaw Skill
Name: validator
Version: 3.0.1
The validator skill contains command injection vulnerabilities in the `json` and `yaml` commands within `scripts/script.sh`. Filenames are directly interpolated into `python3 -c` command strings, which could allow arbitrary code execution if an attacker can influence the names of files being validated. While the tool's logic appears functional and aligned with its stated purpose, these implementation flaws pose a significant security risk.
能力评估
Purpose & Capability
Name/description (validate emails/URLs/phones/dates/patterns) match the shipped script and SKILL.md. Required tools listed (python3, curl, dig) are used by the script for JSON/YAML/csv parsing and optional network/DNS checks.
Instruction Scope
The SKILL.md commands map directly to functions in scripts/script.sh. The script reads user-specified files (json/yaml/csv) and may perform network actions (curl for URL HTTP status, dig for DNS) when those binaries are present — expected for this tool, but worth noting because these actions contact external hosts and the tool will read any file path you supply.
Install Mechanism
Instruction-only skill with a bundled shell script; there is no install step, no external downloads, and no archive extraction. Nothing is written to disk beyond running the provided script.
Credentials
The skill declares no required environment variables and does not request credentials. Internally it sets temporary env vars (e.g., FILE, NUM) for local subprocesses. It can process sensitive inputs (credit card numbers, files) supplied by the user — treat those inputs as sensitive when using the tool.
Persistence & Privilege
Does not request persistent presence (always:false), does not modify other skills or system config, and does not store credentials. Agent autonomous invocation default is unchanged.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install validator - 安装完成后,直接呼叫该 Skill 的名称或使用
/validator触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v3.0.1
v3.0.1: SKILL.md rewritten to match new script commands.
v3.0.0
v3.0.0: Complete rewrite — email/URL/IP/phone/date/JSON/CSV/domain/credit-card validation.
v2.0.0
v2.5 retry: desc+homepage+source+security
v1.0.1
retry-fix-token
v1.0.0
Initial release
元数据
常见问题
Validator 是什么?
Validate emails, URLs, phones, dates, and custom patterns. Use when sanitizing input, verifying form fields, checking formats, or enforcing rules. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 335 次。
如何安装 Validator?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install validator」即可一键安装,无需额外配置。
Validator 是免费的吗?
是的,Validator 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Validator 支持哪些平台?
Validator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Validator?
由 bytesagain4(@xueyetianya)开发并维护,当前版本 v3.0.1。
推荐 Skills