技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 24 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:biolims/biolims-skill
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The skill mostly matches a Bio-LIMS integration, but included code files (especially an 'openai' server script) and vague automatic-auth claims are inconsistent with the declared metadata and warrant manual review before install.
目的
The name, description, SKILL.md, many templates, and the large biolims.mjs script all align with a Bio-LIMS integration (orders, receives, templates). However, the repository also contains files that are unexpected for a pure LIMS API client (notably scripts/biolims-openai-server.mjs and many auxiliary shell/python scripts). Those files could be legitimate developer tooling, but they are not explained in SKILL.md and therefore are an unexplain…
说明范围
SKILL.md instructs the agent to run the provided scripts/biolims.mjs to call LIMS APIs and states token login/refresh is automatic. The instructions reference many template files and local script paths (e.g., /home/biolims/.openclaw/...), and implicitly rely on local state (.biolims-auth.json). The instructions do not direct reading unrelated system files, but they are vague about where the server URL and credentials come from and do not menti…
安装机制
No install spec is provided (instruction-only from the registry), so nothing is automatically downloaded or executed by the installer. The risk surface comes from the included scripts being executed at runtime, not from an installer fetching remote code.
证书
The skill declares no required environment variables or primary credential, yet it claims automatic token auth and ships a .biolims-auth.json file and an encrypt_password.py helper. That is a mismatch: it's unclear how credentials or base server URL will be provided/secured. The presence of an 'openai' server script is a red flag because it could enable communication with external services (OpenAI or other endpoints) that are unrelated to core…
持久
always is false and the skill is user-invocable. There is no declared attempt to modify other skills or system-wide agent configuration in the visible instructions. The scripts do persist auth to a local .biolims-auth.json file (expected for token caching) but that is scoped to the skill.
scripts/biolims-openai-server.mjs:29
检测到Shell命令执行( child_process )。
scripts/biolims-server.mjs:23
环境变量访问与网络发送相结合。
scripts/biolims.mjs:283
环境变量访问与网络发送相结合。
scripts/create_receive.mjs:10
环境变量访问与网络发送相结合。
scripts/scan-sample.mjs:12
环境变量访问与网络发送相结合。
scripts/biolims.mjs:303
文件读取与网络发送相结合(可能泄露)。
scripts/create_receive.mjs:18
文件读取与网络发送相结合(可能泄露)。
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「BioLIMS SKILL」。简介:Call Bio-LIMS system APIs to manage orders, sample receiving, and experiment te…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/biolims/biolims-skill/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。