← 返回 Skills 市场

vryfik skill

Name: vryfik skill
Author: briefness

作者 briefness · GitHub ↗ · v1.0.7 · MIT-0

cross-platform ✓ 安全检测通过

总下载

当前安装

版本数

在 OpenClaw 中安装

/install vryfik-skill

功能描述

Use when searching the web, documentation, or current information where token efficiency matters. Triggers on queries about API docs, current events, pricing...

安全使用建议

This skill appears internally coherent and implements a local pipeline (intent parsing, rewriting, caching, credibility probes, assembly) that delegates actual page retrieval to the host agent. Before installing: - Ensure you trust the host agent's 'web_search' tool (it performs the live GETs and supplies fragments to the skill). The skill assumes URLs come from a trusted caller. - Accept that queries (cache keys/snippets) will be stored under ~/.antigravity/search-cache/ (SKILL.md states files created with 0o600 and dir 0o700). If that concerns you, review or relocate the cache directory before use. - Note the skill issues outbound HEAD requests (no bodies) for availability checks; network egress must be acceptable. - No secrets/credentials are requested by this skill. If you need higher assurance, review the bundled scripts (they are small, readable JS) and verify the host's web_search implementation sanitizes user-supplied URLs and does not forward sensitive local/internal URLs to the skill.

能力标签

crypto

能力评估

✓ Purpose & Capability

Name/description (token‑efficient web/document search) matches the artifacts: intent parsing, query rewriting, budget control, cache, credibility probes, and assembly. Required runtime (node) is appropriate and no unrelated credentials or binaries are requested.

ℹ Instruction Scope

Instructions limit network activity to host-provided web_search for content retrieval and the skill's parallel-probe script (HTTP HEAD) for availability checks. The skill reads/writes a local cache (~/.antigravity/search-cache/) and uses local data files (intent patterns, domain reputation). Cache may contain user query text (SKILL.md documents this). Review host agent behavior: host provides full GET/search results to the skill for post-processing, so the security posture depends on trusting the host tool to sanitize user-supplied URLs.

✓ Install Mechanism

No install script; code files are included and executed via the shell tool using node. No remote downloads, package installs, or URL fetch/install steps are present.

✓ Credentials

The skill requests no environment variables or credentials. Local file access is limited to a single cache directory and bundled data files; network access is restricted to outbound HEAD probes (parallel-probe) and relies on the host for GET/search calls—this is proportionate to the stated functionality.

✓ Persistence & Privilege

always is false and disable-model-invocation is set to true (skill cannot invoke the model autonomously). The only persistent artifact is the local cache (~/.antigravity/search-cache/) which the SKILL.md documents and the scripts write with restricted file modes (0o600/0o700). No configuration or credential changes to other skills are made.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install vryfik-skill
安装完成后，直接呼叫该 Skill 的名称或使用 /vryfik-skill 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.7

v1.0.7 is a metadata refinement release. - Added explicit "metadata.openclaw.requires.bins" field to declare required binaries. - Moved the "required binaries" comment into the formal YAML manifest. - No changes to skill logic, pipeline, permissions, or instructions. - No code or functionality alterations; update is manifest/metadata only.

v1.0.6

v1.0.6 — Minor manifest YAML corrections - Fixed typo in the manifest key from disable_model_invocation to disable-model-invocation - Changed "required_binaries" key to "required binaries" for consistency - No other changes to instructions, logic, or security notes

v1.0.5

v1.0.5 is a policy/security manifest update: - Added disable_model_invocation: true to enforce non-autonomous use via OpenClaw policy. - Introduced required_binaries with "node" to specify required runtime. - No changes to files or functional pipeline; documentation/manifest only.

v1.0.4

v1.0.4 introduces enhanced environment and security detail clarifications. - Declared Node.js (>=18) as an explicit dependency for host agent compatibility. - Expanded IO section with details that cache directory is auto-created. - Upgraded SSRF protection to a two-layer system: (1) hostname pattern check and (2) DNS lookup with post-resolution IP validation. - Updated security notes to reflect layered SSRF checks and reinforce DNS rebinding prevention. - No changes to core pipeline or behavior.

v1.0.3

v1.0.3 introduces enhanced security controls and clarifies agent/skill responsibilities. - Now explicitly requires script invocation via shell tool; no direct user-script execution. - Adds SSRF protection: private IPs, localhost, and link-local addresses are blocked before probing. - Clarifies that web search requests (GET/API calls) are delegated to the host agent, not performed by this skill. - Documents required invocation order, early exits, and precise JSON argument passing for each step. - Updates security manifest with new `autonomous: false`, `host_provides`, and `trust_model` fields. - Improved security notes and operating instructions for safer, more auditable use.

v1.0.2

- Major update: skill focus shifted from codebase search to web and documentation search only. - Removed support for local file system operations and shell/subprocess execution; now web-only and subprocess-free. - Dropped dependency on external binaries such as ripgrep. - Updated security manifest to reflect reduced permissions and no shell access. - Token budgets and pipeline simplified; no layered local search, now purely cache-then-web-search with credibility checks. - Streamlined documentation and usage examples to match the new web-focused architecture.

v1.0.1

**Added explicit security policy and technical manifest to SKILL.md** - Added ClawHub Security Manifest section in YAML frontmatter, declaring all permissions, dependencies, I/O scopes, and security notes. - Frontmatter now specifies which scripts have local read/write, network, and shell permissions, and their boundaries. - Added details about ripgrep dependency for layered-fetcher.js. - Included security best practices: atomic cache writes, safe path handling, restricted network access, and no code generation. - Updated ClawHub Security Notes to direct users and static analyzers to use the manifest for authoritative metadata. - No changes to pipeline logic or user-facing search behavior.

v1.0.0

Initial release of the searching-precisely skill for token-efficient search in codebases and documentation. - Introduces a hierarchical search pipeline with early exits to minimize token usage. - Implements semantic caching, layered fetching (local grep, fragment, web), and parallel credibility checks. - Provides clear rules for layer selection and query handling. - Includes utility scripts for intent classification, query rewriting, budget management, validation, and cache management. - Emphasizes best practices to avoid unnecessary token or I/O costs. - Details security measures and scope-limited I/O for each component.

元数据

Slug vryfik-skill

版本 1.0.7

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 8

常见问题

vryfik skill 是什么？

Use when searching the web, documentation, or current information where token efficiency matters. Triggers on queries about API docs, current events, pricing... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 62 次。

如何安装 vryfik skill？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install vryfik-skill」即可一键安装，无需额外配置。

vryfik skill 是免费的吗？

是的，vryfik skill 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

vryfik skill 支持哪些平台？

vryfik skill 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 vryfik skill？

由 briefness（@briefness）开发并维护，当前版本 v1.0.7。