Skill details (on-site mirror, no comments)
License: MIT-0
MIT-0 · Free to use, modify, and redistribute. No attribution required.
Version: v0.1.2
Stats: ⭐ 0 · 148 · 0 current installs · 0 all-time installs
🛡 VirusTotal: Suspicious · OpenClaw: Suspicious
Package: awis13/seed
Security scan (ClawHub)
- VirusTotal: Suspicious
- OpenClaw: Suspicious
OpenClaw assessment
The skill's behavior matches its description (a self-growing C firmware server) but its runtime capabilities (upload/compile arbitrary C, file_read, file_write, and cmd_out) let a compromised or malicious firmware exfiltrate data or execute arbitrary commands on any device you run it on — proceed only with strong caution and review.
Purpose
Name/description (grow firmware via HTTP, compile on-device, watchdog rollback) align with the declared requirements (curl, gcc) and the SKILL.md API. Asking for no credentials and only requiring curl/gcc is coherent for this functionality.
Instruction scope
The SKILL.md instructs the agent and user to download and run a seed binary and then supports uploading arbitrary C source, compiling it on-device, and providing handler helpers (file_read, file_write, cmd_out). Those helpers allow reading arbitrary files, writing files, and running shell commands on the target device — capabilities that go well beyond simply 'deploying firmware' and can be used to exfiltrate secrets or escalate access. The in…
Install mechanism
This is instruction-only (no install spec). SKILL.md directs using curl to download seed.c from raw.githubusercontent.com and compiling locally; raw.githubusercontent.com is a known host (lower-than-arbitrary-URL risk) but 'curl-and-run' remains high-risk in practice. Nothing in the skill auto-installs software on the agent's host, but it does instruct users to run code they fetch.
Credentials
The skill itself declares no environment variables and only requires curl/gcc, which is proportional. However, the firmware API exposes file_read and cmd_out that can access arbitrary local files and run commands on the device — meaning sensitive environment data or credentials on a device running seed can be read or invoked by uploaded firmware. Those risks are real even though the skill doesn't ask for credentials explicitly.
Persistence
always:false (good). The skill can be invoked autonomously (default), which is normal; if the agent is allowed to act without supervision, combined with the skill's ability to instruct deployment of a self-updating firmware, the blast radius increases. The skill does not request permanent system privileges itself, but the firmware it helps install can gain long-lived control of a device.
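Install (copy to Lobster AI)
Copy the entire passage below into a 龙虾中文库 (Lobster Chinese Library) conversation, and Lobster will complete the installation according to SKILL.md.
Please hand this passage to 龙虾中文库 (Lobster AI) to execute: install the OpenClaw skill "Seed" on this machine. Summary: Grow firmware on any hardware through HTTP — upload C, compile on device, apply…
Please fetch the following address to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/awis13/seed/SKILL.md
(Source: yingzhi8.cn skill library)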