技能详情(站内镜像,无评论)
作者:Aaron Levin @awlevin
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v0.1.0
统计:⭐ 0 · 697 · 3 current installs · 3 all-time installs
⭐ 0
安装量(当前) 3
🛡 VirusTotal :良性 · OpenClaw :可疑
Package:awlevin/secret-portal
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :可疑
OpenClaw 评估
The skill's instructions match the stated purpose (launch a one‑time secret-entry UI) but it delegates sensitive work to an external CLI that may auto-download other binaries and write secrets to disk — the manifest is coherent but there are unverified, potentially risky behaviors you should check before using.
目的
The skill tells the agent to run the 'uv' CLI to start a secret-entry portal; the single required binary ('uv') and the provided brew install entry for 'uv' match the documented usage. Required env vars/creds are none, which aligns with a simple UI-for-secrets purpose.
说明范围
SKILL.md instructs executing 'uv run --with secret-portal secret-portal' and passing a path to save secrets (e.g., -f ~/.env). That is within the stated purpose, but it also encourages using '--tunnel cloudflared' and claims cloudflared will be auto-downloaded. The skill is instruction-only and therefore causes execution of an external binary that may download additional executables and perform network operations; the file-writing behavior (sa…
安装机制
Install spec only installs 'uv' via brew (reasonable). However, SKILL.md references auto-downloading 'cloudflared' (a separate binary) when using the recommended tunnel; that secondary download is not declared in the install spec and would be performed at runtime by the external tool. Automatic fetching/extracting of additional binaries by a third-party CLI increases risk and should be validated.
证书
The skill declares no environment variables, no credentials, and no config paths. There are no extraneous credential requests in the manifest. Writing secrets to a file is the primary action and is consistent with the stated purpose, though it requires trust in the invoked CLI's behavior.
持久
The skill does not request always:true, does not alter other skills' configs, and is user-invocable only. It will write a secrets file at a user-specified path, which is expected for this functionality and is not the same as requesting persistent elevated privileges.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Secret Portal」。简介:Spin up a one-time web UI for securely entering secret keys and env vars. Suppo…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/awlevin/secret-portal/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。