← 返回 Skills 市场
115
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install vibe-remote
功能描述
Vibe Remote 远程 AI Coding 工具。当用户提到 vibe-remote、vibe remote、远程 coding、iOS 远程控制 Mac 跑 AI 写代码、安装 vibe-remote、配置 vibe-remote、或提交 vibe-remote issue 时使用。
安全使用建议
What to consider before installing:
- There are clear metadata vs instruction mismatches. The SKILL.md expects you to run a local binary (vibe-remote), the GitHub CLI, and curl, but the skill metadata declares no required binaries or env vars — verify these requirements yourself before trusting the skill.
- The instructions include a headless mode that takes --account and --password. Never hand a password to a skill or agent without verifying what the binary does and whether credentials are stored/transported. Prefer using a scoped token or not running headless at all.
- The skill suggests uploading images/videos to catbox.moe (a public third‑party). Any uploaded screenshot or video can become public — redact sensitive data and avoid uploading secrets or proprietary code.
- The _meta.json ownerId/version differs from the registry metadata; confirm the publisher (check the GitHub repo and official docs) and prefer binaries from official releases with checksums/signatures.
- Recommended actions before you proceed: inspect the referenced GitHub repo and release binaries, verify checksums, run the binary locally in a safe environment, avoid providing real credentials (use limited-scope tokens), and do not upload sensitive files to public hosts. If you cannot validate the binary and its behavior, treat the skill as untrusted.
功能分析
Type: OpenClaw Skill
Name: vibe-remote
Version: 1.0.1
The skill facilitates remote machine control and AI coding via the 'vibe-remote' binary. It includes high-risk capabilities such as handling user credentials for headless authentication and instructions to upload files (images/videos) to the third-party service catbox.moe via curl for GitHub issue reporting. While these actions are aligned with the tool's stated purpose in SKILL.md, the inherent risks of remote execution, credential handling, and external data transfer to non-standard endpoints meet the criteria for a suspicious classification.
能力评估
Purpose & Capability
The SKILL.md describes a CLI binary (vibe-remote), use of the GitHub CLI (gh), curl, and third‑party upload utilities; however the skill metadata declares no required binaries, no environment variables, and no install spec. That mismatch (the skill claims no requirements but instructs the agent to run specific binaries and provide account/password) is inconsistent and unexpected. Additionally, the packaged _meta.json shows a different ownerId/version than the registry metadata, another inconsistency.
Instruction Scope
Runtime instructions tell the agent to: run vibe-remote (including a headless mode that takes --account and --password), check gh auth status, create GitHub issues via gh, and upload images/videos to catbox.moe (or call another skill). These steps involve handling user credentials and sending user-provided files to external services. The skill also instructs the agent to always send the created issue link back to the user. The instructions therefore touch on sensitive actions (credential use and external file upload) beyond simple conversational assistance.
Install Mechanism
There is no install spec and no code files (instruction-only), which reduces the risk of arbitrary code being written by the installer. However, the skill assumes the presence of external binaries (vibe-remote, gh, curl) and references a repo/docs. Because installation/verification steps for the binary are not provided or enforced, users must manually obtain and verify the binary — omission is notable but not inherently malicious.
Credentials
The skill does not declare required environment variables or credentials, yet the SKILL.md instructs use of account/password for headless mode and relies on the user's GitHub authentication state. Asking for or passing plaintext account/passwords (or files) is high-risk and not justified by the metadata. The skill also recommends uploading potentially sensitive screenshots/videos to a public third-party (catbox.moe), which can expose private data. Cross-skill calls (nodeimage-upload) are referenced but not declared.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It allows normal autonomous invocation (default), which is expected. There is no evidence it modifies other skills or system-wide agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install vibe-remote - 安装完成后,直接呼叫该 Skill 的名称或使用
/vibe-remote触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Add catbox fallback for image upload when nodeimage-upload skill is unavailable
v1.0.0
Initial release: remote AI coding via iOS app, GitHub issue submission workflow
元数据
常见问题
Vibe Remote 是什么?
Vibe Remote 远程 AI Coding 工具。当用户提到 vibe-remote、vibe remote、远程 coding、iOS 远程控制 Mac 跑 AI 写代码、安装 vibe-remote、配置 vibe-remote、或提交 vibe-remote issue 时使用。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 115 次。
如何安装 Vibe Remote?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install vibe-remote」即可一键安装,无需额外配置。
Vibe Remote 是免费的吗?
是的,Vibe Remote 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Vibe Remote 支持哪些平台?
Vibe Remote 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Vibe Remote?
由 FireTable(@firetable)开发并维护,当前版本 v1.0.1。
推荐 Skills