← 返回 Skills 市场
112
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install yabbie-net
功能描述
A safety net for AI agents. Catches unsafe tool calls before they execute.
安全使用建议
This SKILL.md is internally coherent, but it only points to an npm package (yabbie-net) — the registry package is the actual code that will run. Before installing:
- Inspect the package and GitHub repository (package.json, proxy implementation) to ensure code matches claims. Verify the GitHub repo and package owner identity.
- Prefer project-scoped install and pin the exact version (npm install [email protected]) rather than a floating tag or global install.
- Run the proxy in a sandbox/test environment first to observe behavior and audit logs (.yabbie/audit.jsonl). Check file permissions on the audit log so it doesn't leak sensitive data.
- Keep tier2 disabled unless you trust the external judge; if you enable tier2, understand that truncated tool metadata and your taskContext will be sent to the configured provider and that an API key (ANTHROPIC_API_KEY) is required for Anthropic.
- If you rely on this for security, perform an independent code audit or use a vetted binary/build from a release channel; consider reproducible builds or verifying the npm package integrity.
If you want, I can fetch and summarize the yabbie-net repository (package.json, README, proxy code) so you can make a more informed decision — note that requires network access and the actual package source to be available.
能力评估
Purpose & Capability
The name/description (proxy safety net) matches the instructions: route MCP servers through an intercepting proxy, apply local deny-rules, optionally forward truncated summaries to an external judge. The optional ANTHROPIC_API_KEY is explicitly required only for tier2, which is consistent.
Instruction Scope
The SKILL.md stays within its stated scope (intercepting tool calls, local tier1 checks, optional tier2 external judgement). It instructs changing openclaw.json to route MCP servers, creating yabbie.yaml, and reading/writing local audit logs (.yabbie/audit.jsonl). Note: enabling tier2 will send truncated tool metadata and taskContext externally (Anthropic or local Ollama) — this is documented but is an expansion of scope that the user must opt into.
Install Mechanism
The skill is instruction-only and instructs installing yabbie-net via npm/npx. npm is a common package host, but the SKILL.md does not include the package code for review. This is coherent with the purpose but raises supply-chain risk because installing external packages executes third-party code outside the skill bundle.
Credentials
Only an optional ANTHROPIC_API_KEY is referenced and only required if tier2 (opt-in) is enabled. No other credentials or config paths are requested, which is proportionate to the described functionality.
Persistence & Privilege
The skill does not request always:true or other elevated platform privileges. It instructs modifying your project's openclaw.json (expected for a proxy) and writes local audit logs; these are reasonable for a proxy tool.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install yabbie-net - 安装完成后,直接呼叫该 Skill 的名称或使用
/yabbie-net触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.0
Address security scan findings: document credentials, data flows, privacy model, and supply chain guidance
v0.1.0
Initial release: MCP safety proxy with 3-tier protection
元数据
常见问题
Yabbie Net 是什么?
A safety net for AI agents. Catches unsafe tool calls before they execute. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 112 次。
如何安装 Yabbie Net?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install yabbie-net」即可一键安装,无需额外配置。
Yabbie Net 是免费的吗?
是的,Yabbie Net 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Yabbie Net 支持哪些平台?
Yabbie Net 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Yabbie Net?
由 Devlines(@devlines)开发并维护,当前版本 v0.2.0。
推荐 Skills