技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 56 · 1 current installs · 1 all-time installs
⭐ 0
安装量(当前) 1
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:adisinghstudent/crucix-intelligence-dashboard
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The runtime instructions do match an OSINT dashboard (clone repo, set many API keys, run npm/docker), but the skill metadata omits the large set of sensitive environment variables and the instructions direct you to fetch and execute third-party code—this mismatch and the sensitive-credential handling warrant caution.
目的
The SKILL.md describes an OSINT dashboard with Telegram/Discord bots, LLM integration, and many optional data sources; the commands (git clone, npm install, docker compose) are consistent with that purpose. However, the registry metadata claims no required env vars or credentials while SKILL.md clearly requires numerous API keys and secrets (LLM keys, telemetry/webhook tokens, Alpaca trading keys, ACLED credentials, etc.). That metadata omissi…
说明范围
The instructions tell the user/agent to clone and run code from https://github.com/calesthio/Crucix.git and to run npm install / npm run dev or docker compose. Those steps will fetch and execute third-party code on the host. The doc also tells users to place many secrets in a local .env and references writing/reading ~/.codex/auth.json for Codex auth. The SKILL.md does not instruct any obvious exfiltration, but it grants broad discretion to pu…
安装机制
There is no packaged install spec in the registry (instruction-only), which is lower risk from the registry's perspective. But the runtime instructions require cloning a GitHub repo and running npm install (and optionally docker compose), which will install third-party dependencies from npm. GitHub and npm are standard hosts, but running unreviewed repo code and its npm deps can execute arbitrary code—users should audit the upstream repo befor…
证书
SKILL.md requires many environment variables and credentials that are plausible for the described functionality (satellite APIs, flight/maritime feeds, LLM API keys, Telegram/Discord tokens, and optional trading keys). However, the skill registry metadata lists no required env vars/primary credential while the instructions require many sensitive secrets. That mismatch reduces transparency. Some optional keys (Alpaca trading) grant financial ac…
持久
The skill is not marked always:true and does not request modification of other skills or system-wide agent settings. Autonomous model invocation is allowed (platform default) but not combined with an 'always' flag. The main persistence risk comes from running the cloned code (it may write ./runs/ or other data), and from storing credentials in .env or ~/.codex—behaviors documented in SKILL.md but requiring user caution.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「crucix-intelligence-dashboard」。简介:Personal intelligence agent that aggregates 27 OSINT data sources into a self-h…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/adisinghstudent/crucix-intelligence-dashboard/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。