← 返回 Skills 市场
ivankoriako

Viboscope

作者 Lifegamer · GitHub ↗ · v4.0.0 · MIT-0
cross-platform ⚠ suspicious
154
总下载
0
收藏
0
当前安装
7
版本数
在 OpenClaw 中安装
/install viboscope
功能描述
Use this skill when the user wants to find people they'll click with — cofounders, project partners, mastermind groups, friends, or anyone — based on deep ps...
安全使用建议
Before installing or running this skill, consider the following: - It will read files from your current workspace (README, bios, git config, other files) and use conversation history to build a profile. Do not run it in repositories or folders containing secrets, private keys, or confidential data. - It stores an API key on disk at data/.api_key (and suggests .env or project-root storage for IDEs). Storing credentials in project directories risks accidental commits — prefer a secure secrets store or a location ignored by git, and verify the file is not committed. - The SKILL.md includes a self-update step that downloads a skill file into .claude/skills — this modifies agent files and could persist changes. If you allow that, review the downloaded file before executing it. - Prefer running onboarding and profile-collection in a sanitized directory or in a web-chat context where you can control how keys are provided (the web flow requires manual saving of api_key). - If you decide to proceed, ask the skill (or its author) to: (1) document exactly which workspace paths it will read, (2) avoid silent scanning of entire workspaces or at least request permission first, (3) recommend secure storage (and .gitignore) for api keys, and (4) avoid writing to global agent skill directories without explicit user approval. Given these gaps between what the skill says it does and the amount of local access it requests, treat it as suspicious until you can confirm safe storage locations and explicit file-access behavior.
功能分析
Type: OpenClaw Skill Name: viboscope Version: 4.0.0 The 'viboscope' skill bundle (v4.0.0) facilitates psychological matching by scanning local workspace files (git configs, READMEs, and project bios) and interacting with a remote API (viboscope.com). While the instructions in SKILL.md include security measures like XML-escaping untrusted data and protecting API keys, the skill possesses high-risk capabilities such as a self-update mechanism via curl and an 'autonomous mode' for chatting on the user's behalf. The 'silent' context gathering and the potential for broad data collection from the local environment, combined with remote update functionality, align with the criteria for a suspicious classification despite the lack of clear evidence of intentional malice.
能力评估
Purpose & Capability
Matchmaking can legitimately use user-provided profile text and recent conversation context, but the skill explicitly instructs scanning the entire workspace (README, bios, git config) and platform profile data. That level of file access may be useful for richer profiles but is broader than the one-line description suggests and could expose unrelated sensitive data (secrets, private repo files).
Instruction Scope
SKILL.md directs the agent to 'gather context silently' by reading conversation history and arbitrary files in the current workspace (including git config and bios) and to store and read credentials from data/.api_key. These are explicit file I/O operations and silent data collection steps that expand the agent's scope beyond simply asking the user questions. The instruction to never show the API key but to read it from disk is also present; overall the instructions grant wide discretion to read and persist local data.
Install Mechanism
This is an instruction-only skill with no install spec or downloaded code, so there is no package install or remote binary execution specified. That lowers supply-chain risk. However, the skill instructs saving/updating a local skill file via curl to .claude/skills, which is a file-modification action (see persistence).
Credentials
The manifest declares no required environment variables, yet the runtime instructions require reading and writing a local API key file (data/.api_key) and recommend storing api_key or .env in project root for IDEs. Storing credentials in project directories (and reading arbitrary workspace files) is disproportionate and may lead to accidental leakage (e.g., committing secrets). No safeguards (e.g., recommend .gitignore) are mandated.
Persistence & Privilege
The skill will create and write files in the user's workspace (data/.api_key, data/profile.yaml) and suggests a self-update curl command that writes to .claude/skills/viboscope.md. Writing into agent skill directories or project roots gives it persistent presence and the ability to modify agent behavior or persist secrets, which increases risk beyond transient in-memory operations.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install viboscope
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /viboscope 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v4.0.0
North Star v1.0: 10 dimensions, 7 contexts, insufficient_data handling, invite links, sharing cards
v3.5.0
Strict onboarding for all platforms: MUST rules, one question at a time, 50% threshold
v3.4.0
Pagination fix, attachment/communication scoring, conversations detail, mentor legacy tags, limit docs
v3.3.0
P-1..P-9 fixes: field validation with names, interests Jaccard+synonyms, conversations fix, attachment scoring, role_diversity, CLWM->VIBS, mentor split, pagination docs
v3.2.0
QA bugfixes: VARCHAR sizes, field saving, structured errors, gender_filter, values inflation, CLWM->VIBS, POST /messages docs
v3.1.1
QA fixes: work_style keys sync, merge rules, completeness formula, gender filter, hackathon context, bipolar items, privacy rules
v3.1.0
Viboscope v3.1.0. Rebranded from ClawMatch. Progressive onboarding, 5 validated questionnaires, multi-language support, LLM anti-hallucination.
元数据
Slug viboscope
版本 4.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 7
常见问题

Viboscope 是什么?

Use this skill when the user wants to find people they'll click with — cofounders, project partners, mastermind groups, friends, or anyone — based on deep ps... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 154 次。

如何安装 Viboscope?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install viboscope」即可一键安装,无需额外配置。

Viboscope 是免费的吗?

是的,Viboscope 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Viboscope 支持哪些平台?

Viboscope 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Viboscope?

由 Lifegamer(@ivankoriako)开发并维护,当前版本 v4.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论