by 安全扫描
OpenClaw
可疑
medium confidenceThe skill appears to only instruct scraping and summarization of public API/docs pages (no credentials or installs), but its declared name/metadata (Apifox) does not match the SKILL.md content (YApi), which is an inconsistency worth confirming before installing.
评估建议
Before installing: 1) Confirm the intended target—ask the author whether this skill is for Apifox or YApi and request matching metadata (name/homepage). 2) Verify source/trustworthiness since 'Source' and 'Homepage' are unknown. 3) If you plan to let an agent crawl the web, run it in a sandboxed environment and ensure it respects robots.txt and rate limits. 4) Because the SKILL.md allows dynamic page loading and generic 'visit product pages' actions, prefer least-privilege network access (restri...详细分析 ▾
⚠ 用途与能力
The package metadata names the skill 'Apifox' while SKILL.md registers a 'YApi' skill (yapi-hot-trend) and points to yapi.pro. Both relate to API documentation tools, so this could be a harmless copy/paste mistake, but the name/description mismatch is an incoherence that should be clarified with the author.
✓ 指令范围
SKILL.md instructs the agent to visit public product/documentation pages, wait for dynamic content, extract summaries, directories, and repository links, and explicitly forbids account operations, project writes, or sensitive-data collection. That scope is consistent with the stated purpose of summarizing public docs.
✓ 安装机制
No install spec and no code files are present (instruction-only skill). This minimizes on-disk risk; nothing is downloaded or executed by an installer.
✓ 凭证需求
The skill declares no required environment variables, credentials, or config paths. For a web-scraping / summarization instruction set this is proportionate and appropriate.
✓ 持久化与权限
Flags show always:false and autonomous invocation is allowed (the platform default). The skill does not request elevated persistence or to modify other skills/config; this is proportionate.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.1.02026/3/20
Initial release of the yapi-hot-trend skill. - Provides summary and organization of public YApi documentation and product info. - Supports extracting feature lists, version differences, usage scenarios, and key documentation links. - Only processes publicly available pages; no account, project, or API write operations. - Handles dynamically loaded pages and compiles summaries without storing or outputting sensitive information. - Includes compliance reminders to adhere to platform and open-source policies.
● 无害
安装命令 点击复制
官方npx clawhub@latest install apifox
镜像加速npx clawhub@latest install apifox --registry https://cn.clawhub-mirror.com
技能文档
用途与边界
- 面向公开产品/开源文档的检索与内容摘要
- 不提供账号操作、项目写入或接口逆向能力
- 仅处理公开页面的轻量信息整理
关键入口
- 主页:https://yapi.pro/
- 文档与示例:站点入口或GitHub开源页
- 公告与版本更新:站点入口
常见任务
- 功能与版本说明摘要(接口管理/Mock/权限)
- 部署与使用文档目录提取
- 开源仓库入口与示例链接汇总
数据字段
- 功能条目、版本差异、适用场景、链接
- 文档标题、目录链接、部署指南入口
- 开源仓库链接、示例入口
自动化要点
- 页面动态加载,需等待完成后解析
- 不进行项目写入或接口调用
- 频率控制,尊重平台访问限制
示例流程
- 功能摘要:访问产品页 → 抽取功能与版本 → 输出摘要
- 文档目录:进入文档中心 → 抽取目录 → 输出链接集合
- 开源入口:收集仓库链接 → 汇总示例 → 输出清单
合规提示
- 遵守平台与开源协议
- 不存储或输出敏感信息
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制