← 返回 Skills 市场
marcus-daemon

Workspace Standard

作者 marcus-daemon · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
636
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install workspace-standard
功能描述
Set up and maintain a structured OpenClaw workspace with project boundaries, role-based file taxonomy, and memory budgets. Use when: (1) bootstrapping a new...
安全使用建议
This skill appears coherent and limited to local workspace organization. Before installing or running the scripts: (1) review the two shell scripts to confirm you understand what they create; (2) run them in a git-tracked workspace (so you can inspect and revert changes with git); (3) avoid using --force unless you intend to overwrite templates; (4) if you choose the README's curl/git install routes, verify the URLs are correct (they point to GitHub raw content) before executing; (5) remember the agent may autonomously consult this skill when deciding where to write files — if you prefer to control changes manually, avoid granting the agent unrestricted autonomous actions.
功能分析
Type: OpenClaw Skill Name: workspace-standard Version: 1.0.0 The skill bundle contains shell injection vulnerabilities in `scripts/workspace-audit.sh` and `scripts/workspace-init.sh`. In `workspace-init.sh`, command-line arguments like `--project NAME` and `--path DIR` are directly used in `mkdir -p` and `echo` commands without sanitization, allowing arbitrary command execution if `NAME` or `DIR` contain shell metacharacters. Similarly, `workspace-audit.sh` uses values extracted from `.workspace-standard.yml` (e.g., `PROJ_SUBDIRS`) and markdown front-matter (e.g., `updated` date) directly in shell commands (`for` loops, `date -d`), creating potential RCE vectors if these inputs are controlled by an attacker. While the skill's stated purpose is benign workspace management, these vulnerabilities could be exploited to execute arbitrary commands on the host system.
能力评估
Purpose & Capability
The name/description promise tooling to bootstrap and audit a workspace; the included scripts only create directories/files and scan local files for front-matter, budgets, and stale dates. No unrelated credentials, binaries, or external services are required.
Instruction Scope
SKILL.md and README instruct the agent (and user) to run the provided init and audit scripts against the local workspace. The scripts only read or write local workspace files and a local optional config (.workspace-standard.yml). They do not collect or transmit data externally, nor do they access environment variables beyond local config parsing and standard shell utilities.
Install Mechanism
There is no packaged install spec (instruction-only). The README suggests optional downloads from raw.githubusercontent.com (a known host) or cloning a GitHub repo; these are documented user actions and not performed automatically by the skill. No archive extraction or remote executables are installed by the skill itself.
Credentials
The skill declares no required env vars, no credentials, and no config paths beyond an optional .workspace-standard.yml in the workspace root. The scripts do not attempt to read secrets or external tokens.
Persistence & Privilege
Registry flags are default (always:false, agent-autonomy allowed). The skill creates files and directories within the workspace (including a skills/ directory) but does not modify other skills' configs or system-wide settings. Note: the init script will overwrite files only when --force is passed, so review before using --force.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install workspace-standard
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /workspace-standard 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: 7-role taxonomy, configurable via .workspace-standard.yml, workspace-tree.sh visualiser, roles guide, full README
元数据
Slug workspace-standard
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Workspace Standard 是什么?

Set up and maintain a structured OpenClaw workspace with project boundaries, role-based file taxonomy, and memory budgets. Use when: (1) bootstrapping a new... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 636 次。

如何安装 Workspace Standard?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install workspace-standard」即可一键安装,无需额外配置。

Workspace Standard 是免费的吗?

是的,Workspace Standard 完全免费(开源免费),可自由下载、安装和使用。

Workspace Standard 支持哪些平台?

Workspace Standard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Workspace Standard?

由 marcus-daemon(@marcus-daemon)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论