Security scan
OpenClaw
Suspicious
Medium confidence: the skill's code and instructions are consistent with its stated purpose (a file browser). It uses filesystem operations for its interactions, requests appropriate configuration, and does not request unrelated credentials or unexpected endpoints.
Assessment recommendations
This skill appears to do what it claims: a file browser tool for file operations and navigation. Before installing or running it: 1) Confirm you are comfortable granting filesystem access; the tool can read and manipulate files. 2) Use it only on files you are authorized to access, and avoid operating on sensitive files unless you fully trust the setup. 3) The skill requests no credentials, but take care not to pass sensitive file paths to the scripts unless you trust the whole toolchain. 4) If you want higher assurance, review the bundled scripts locally before running them.
Detailed analysis
✓ Purpose and capabilities
Name, description, SKILL.md, and included scripts align: the skill only lists and reads files under /home/alfred/.openclaw/workspace and declares no extra dependencies or credentials.
⚠ Instruction scope
SKILL.md restricts to relative paths and read-only operations and the scripts generally enforce these checks, but the scripts do not prevent symlink traversal (a workspace-file that is a symlink can point outside the workspace) and they emit JSON by interpolating raw filenames/file contents without escaping, which can break parsing or enable JSON injection. There is no handling for filenames containing quotes, newlines, or other special characters.
✓ Install mechanism
No install spec; instruction-only with two small scripts. No external downloads or package installs are performed.
✓ Credential requirements
No environment variables, credentials, or config paths are requested. This is proportionate to a read-only file browser.
✓ Persistence and privileges
Skill is not always-enabled and uses normal invocation. It does not request elevated or persistent privileges.
Pre-install considerations
- resolve and verify the absolute path (e.g., realpath or readlink -f) and ensure it has the workspace prefix to block symlink/outside reads;
- refuse to follow symlinks or explicitly check for and reject symlinks if you want strict confinement;
- produce JSON safely (use a JSON encoder such as jq, Python's json.dumps, or printf with proper escaping) rather than interpolating raw data;
- harden filename handling (handle newlines and quotes, or return names via null-separated output); and
- validate parsed JSON before using results. If you cannot patch the scripts, consider running the skill in a restricted environment or rejecting it. Confidence is medium — code is small and readable, but the above issues are real and should be fixed before trusting the skill with sensitive workspace contents.
Security is layered: review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/3/10
Initial version, supports file browsing
● Suspicious
Install command
Official: npx clawhub@latest install file-browser
Mirror (accelerated): npx clawhub@latest install file-browser --registry https://cn.clawhub-mirror.com
Skill documentation
Quick Start
Resolve all paths relative to WORKSPACE=/home/alfred/.openclaw/workspace. Sanitize inputs to prevent escapes or absolute paths.
- To list a directory: exec("scripts/list_files.sh", [rel_path]) → JSON {success: bool, data: array of names, error: string}
- To read a file: exec("scripts/read_file.sh", [rel_path]) → JSON {success: bool, data: string (text content), error: string}
- Handle errors: for binary/large/non-text files, return error JSON.
Step-by-Step Workflow
- Parse the user query for the action (list/read) and the relative path.
- Call the appropriate script with the sanitized rel_path.
- Parse the JSON output; respond to the user with the results or the error message.
- If the path is invalid or outside the workspace, reject immediately.
Safety Guidelines
- Enforce read-only: no writes, deletes, or exec beyond the scripts.
- Log accesses if verbose mode is enabled.
- For large files (>10k chars), truncate or summarize.
Edge Cases
- Empty path: default to "." (workspace root).
- Binary file: return error "Non-text file".
- See references/examples.md for more (if added).
Bundled Resources
- scripts/list_files.sh: Bash wrapper for ls.
- scripts/read_file.sh: Bash wrapper for cat with limits.
Data source: ClawHub · Chinese localization: 龙虾技能库
OpenClaw skill customization / plugin customization / private workflow customization
Free skills or plugins may carry security risks; if you need a better-matched, more secure solution, consider contacting us for paid customization.