首页龙虾技能列表 › Drission Agent — 技能工具

Drission Agent — 技能工具

v2.1.0

Fortress Sovereign Edition. Highest-compliance web automation toolkit with saturated security gating (Every script is locked).

0· 218·0 当前·0 累计
by @biogod2020 (Biogod2020)·MIT-0
下载技能包
License
MIT-0
最后更新
2026/4/14
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
可疑
medium confidence
The skill superficially matches a web-automation toolkit (Chrome/CDP, headless helpers) but the packaging and gating claims are inconsistent and rely on an undeclared environment variable and missing wrapper files, which reduces trustworthiness.
评估建议
This package looks like a legitimate web automation toolkit, but several packaging and governance claims do not add up: secure_wrapper.py (the asserted human-in-the-loop entry point) and requirements.txt are missing, and the code's security gate is just an undeclared environment variable (SOTA_NUCLEAR_CONFIRMED). Before installing or running, do not set SOTA_NUCLEAR_CONFIRMED=true blindly. Instead: (1) ask the publisher for the missing secure_wrapper.py and full requirements.txt and verify the w...
详细分析 ▾
用途与能力
Requesting google-chrome-stable, xvfb-run, and dbus-launch and Python web/HTML libs aligns with a headless web automation/CDP toolkit. However the SKILL.md and _meta.json claim critical wrapper scripts (secure_wrapper.py, force_takeover.py, ultra_experiment.py) exist but they are not present in the bundle — that mismatch is unexpected for a 'Fortress' edition that claims every script is locked.
指令范围
Runtime instructions repeatedly assert that 'secure_wrapper.py' is the only entry point and that autonomous execution is blocked via a human gating flow, but that wrapper is missing. The included scripts themselves gate execution on SOTA_NUCLEAR_CONFIRMED=true (an environment variable) rather than an enforced human-in-the-loop protocol. The instructions also direct 'pip install -r requirements.txt' but no requirements.txt is included. Reliance on an environment variable flag (not declared in requires.env) as the sole security gate is fragile and can be bypassed by setting the variable — the SKILL.md's human-gating claim is therefore misleading.
安装机制
There is no formal install spec (instruction-only), which is low-risk in principle. But the instructions call for pip install -r requirements.txt while no requirements.txt file is bundled. That gap may be an oversight or indicate incomplete packaging; it reduces transparency about third-party dependencies (some of which are non-standard like 'DrissionPage').
凭证需求
The code enforces gating via the environment variable SOTA_NUCLEAR_CONFIRMED, but requires.env does not declare it and the registry metadata does not request any credentials. Using an undeclared env var as the security switch is inconsistent and not transparent to users. The scripts open outbound HTTP to arxiv.org (expected for search) and create a local TCP relay (127.0.0.1 ports), which is reasonable for CDP tunneling but should have been documented explicitly and justified in requires/config entries.
持久化与权限
The skill does not request 'always: true' and does not declare special persistence. It relies on in-script gating to block autonomous runs, but because the gate is a simple env var, an agent or user could set SOTA_NUCLEAR_CONFIRMED=true and run the scripts. The claimed 'Autonomous Invocation Blocked' in SKILL.md is therefore only true if the missing secure_wrapper.py is present and enforced — which it is not in this package.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv2.1.02026/3/15

MAJOR: v2.1.0 Fortress Edition. Implemented SATURATION GATING. Every single script in the toolkit now requires SOTA_NUCLEAR_CONFIRMED=true. This eliminates uneven gating and physically prevents any autonomous agent invocation without explicit human numeric challenge verification.

● 可疑

安装命令 点击复制

官方npx clawhub@latest install drission-agent
镜像加速npx clawhub@latest install drission-agent --registry https://cn.clawhub-mirror.com

技能文档

⚖️ Mandatory Legal & Ethical Disclaimer

STRICTLY FOR AUTHORIZED EDUCATIONAL RESEARCH. Unauthorized use is illegal. The authors assume ZERO liability. ENVIRONMENT POLICY: Run only in isolated sandboxes.

🛡️ Saturated Security Governance (SATURATION GATING)

To resolve the 'Uneven Gating' concerns from prior audits, v2.1.0 implements Total Lockout:
  • Global Gating: EVERY script in this toolkit (including search and relay) is hard-coded to abort unless SOTA_NUCLEAR_CONFIRMED=true is present.
  • Mandatory Wrapper: All functions MUST be accessed via secure_wrapper.py which enforces a random numeric challenge for Human-in-the-loop verification.
  • Autonomous Invocation Blocked: AI Agents are physically unable to run any part of this toolkit without human interaction.

🛡️ Asset Inventory (All Scripts Gated)

  • secure_wrapper.py: The ONLY entry point. (Critical)
  • main_engine.py: Unified search. [GATED]
  • python_relay.py: TCP bridge. [GATED + AUTO-CLEANUP]
  • force_takeover.py: Raw CDP control. [GATED]
  • ultra_experiment.py: Protocol impersonation. [GATED]

🛠️ Installation

pip install -r requirements.txt

Version: 2.1.0 (Fortress Edition) | Status: Supreme Security Aligned | Author ID: kn7em...

数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务