by 安全扫描
OpenClaw
安全
high confidenceThe skill is internally consistent with a local code-snippet manager: it runs a small Python script that stores snippets in a file under the user's home directory and does not request credentials or network access.
评估建议
This skill appears to be a simple local code-snippet manager implemented in Python. Before installing or running it:
- Be aware it will create and update ~/.code_snippets.json in your home directory; snippets are stored as plain JSON (not encrypted). Do not store secrets in snippets unless you are comfortable with that.
- SKILL.md contains small filename typos (references to 'snippets.py' vs the actual 'scripts/snippet.py'); verify you run the correct path or move the script as you prefer.
- Th...详细分析 ▾
ℹ 用途与能力
The package name/description (代码片段收藏夹) matches the included script behavior (add/search/list/get/delete local snippets). Minor inconsistencies: SKILL.md examples sometimes call 'snippets.py' while the actual script is 'scripts/snippet.py', and the top-level registry metadata in the report lists no required binaries while _meta.json lists python3. These are likely documentation/metadata typos and do not change the core capability.
ℹ 指令范围
Runtime instructions simply demonstrate invoking the bundled Python script. The script reads/writes a JSON file at ~/.code_snippets.json (it will create and persist snippets there) and may call the system 'xclip' command to copy text to the clipboard. It performs no network activity, does not read other system configs, and does not access environment variables. The examples contain filename typos (snippets.py vs scripts/snippet.py).
✓ 安装机制
No install spec is provided (instruction-only plus one included script). _meta.json notes python3 as a required binary, which is reasonable. Nothing is downloaded or extracted; no remote install URLs are used.
✓ 凭证需求
The skill requires no credentials or environment variables. It stores data locally in a plain JSON file in the user's home directory (~/.code_snippets.json). That persistent storage is proportional to the described purpose but is unencrypted by design.
✓ 持久化与权限
The skill does not request elevated or platform-wide privileges, does not set always:true, and only persists its own data file in the user's home directory. It does not modify other skills or system-wide configuration.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/16
Initial release of code-snippet. - Save and organize frequently used code snippets. - Supports quick search and tag-based classification. - Multi-language support with syntax highlighting. - One-click copy for easy sharing and use. - Simple command-line interface for adding, searching, listing, and copying code snippets.
● 无害
安装命令 点击复制
官方npx clawhub@latest install code-snippet
镜像加速npx clawhub@latest install code-snippet --registry https://cn.clawhub-mirror.com
技能文档
收藏和管理常用代码片段。
功能
- 💾 保存代码片段
- 🔍 快速搜索
- 🏷️ 标签分类
- 📋 一键复制
使用方法
添加片段
python3 scripts/snippet.py add "Python读取文件" --code "with open('file.txt') as f:" --lang python --tag 文件操作
搜索
python3 scripts/snippet.py search "读取文件"
列出
python3 snippets.py list --tag python
复制
python3 snippets.py get 1
示例
# 添加 Python 代码片段
python3 scripts/snippet.py add "读取JSON" --code "import json\nwith open('file.json') as f: data = json.load(f)" --lang python# 搜索
python3 scripts/snippet.py search "JSON"
# 按标签列出
python3 scripts/snippet.py list --tag python
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制