← 返回 Skills 市场
1413
总下载
3
收藏
12
当前安装
1
版本数
在 OpenClaw 中安装
/install write
功能描述
Plan, draft, version, and refine written content with enforced versioning and quality audits.
安全使用建议
This skill appears coherent and local-only, but do these before using: (1) Fix the path mismatch — either move the script files under a scripts/ directory or update SKILL.md commands to ./init-workspace.sh etc.; (2) Ensure jq is installed (scripts call jq) or update scripts to not require it; (3) Inspect the scripts yourself (they operate on files and delete versions with explicit confirmation) and run init-workspace.sh in a safe test directory first; (4) If you plan to let an autonomous agent run this skill, understand it will create and modify files under the workspace you provide — choose a workspace location you control. If you'd like, I can produce a patched SKILL.md or relocate the scripts so the paths match.
功能分析
Type: OpenClaw Skill
Name: write
Version: 1.0.0
The skill bundle is classified as suspicious due to several shell injection and path traversal vulnerabilities in its scripts. Specifically, `restore.sh` is vulnerable to command injection via the `VERSION` argument, which is directly interpolated into a `grep` command, allowing arbitrary command execution. Additionally, multiple scripts (`audit.sh`, `cleanup.sh`, `edit.sh`, `init-workspace.sh`, `list.sh`, `new-piece.sh`, `restore.sh`) use user-controlled `WORKSPACE` and `PIECE_ID` arguments directly in file paths without sufficient sanitization, posing a path traversal risk. While the `SKILL.md` and other documentation files provide good operational guardrails for the AI agent, the underlying scripts contain exploitable flaws.
能力评估
Purpose & Capability
Name/description (writing with versioning and audits) aligns with the provided scripts and docs: workspace init, new piece, edit (with backups), audits, listing, restore, and cleanup. All functionality is local and appropriate for a writing/versioning tool.
Instruction Scope
SKILL.md instructs calling scripts under ./scripts/ (e.g., ./scripts/init-workspace.sh), but the provided file manifest lists the shell scripts at repository root (init-workspace.sh, edit.sh, etc.). This path mismatch will break the recommended commands. Also the docs repeatedly require jq for JSON metadata manipulation, but the skill's requirements section lists no required binaries; the runtime instructions and scripts implicitly depend on jq and standard POSIX utilities. Otherwise, the scripts only read/write files under the specified workspace and do not attempt to access unrelated system files or network endpoints.
Install Mechanism
This is an instruction-only skill with bundled shell scripts (no installer downloads or external package installs). Nothing in the package fetches remote artifacts or writes to system-wide locations. Risk is low, but the user should inspect and run scripts in a sandboxed directory initially.
Credentials
The skill declares no environment variables, no credentials, and no protected config paths. The scripts operate solely on a user-specified workspace path. There are no requests for unrelated secrets or external service keys.
Persistence & Privilege
always is false and the skill does not request elevated or permanent platform privileges. Scripts manage only their own workspace files and do not modify other skills or system-wide agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install write - 安装完成后,直接呼叫该 Skill 的名称或使用
/write触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release - enforced versioning, quality audits, research workflow
元数据
常见问题
Write 是什么?
Plan, draft, version, and refine written content with enforced versioning and quality audits. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1413 次。
如何安装 Write?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install write」即可一键安装,无需额外配置。
Write 是免费的吗?
是的,Write 完全免费(开源免费),可自由下载、安装和使用。
Write 支持哪些平台?
Write 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(linux, darwin)。
谁开发了 Write?
由 Iván(@ivangdavila)开发并维护,当前版本 v1.0.0。
推荐 Skills