gcp-storage-manager — 技能工具
v1.0.0[自动翻译] Manage Google Cloud Storage
0· 80·0 当前·0 累计
安全扫描
OpenClaw
可疑
medium confidenceThe skill's SKILL.md references running a missing Python script and asks for an undeclared generic STORAGE_API_KEY instead of standard GCP credentials, which is inconsistent and warrants caution.
评估建议
Do not install or enable this skill until the author/source is verified and the package is corrected. Specific things to ask the publisher: (1) include the referenced scripts/implementation or remove the usage entry, (2) declare required environment variables and explain how to obtain them, (3) for GCP access, prefer Google service account keys or ADC (GOOGLE_APPLICATION_CREDENTIALS) and document scope/permissions. Never paste API keys into an unclear skill—if you must test, do so in an isolated...详细分析 ▾
⚠ 用途与能力
The name/description say 'Manage Google Cloud Storage' but the skill requests a generic STORAGE_API_KEY (not the usual Google service account/ADC credentials) and the manifest declares no credentials. The stated GCP purpose does not align with the credential model shown in the instructions.
⚠ 指令范围
SKILL.md instructs executing `python3 scripts/gcp_storage_manager.py` and to export STORAGE_API_KEY, but the package contains no code files (no scripts/). Instructions also omit how the key is provisioned or validated. Referencing a non-existent script and an undocumented API key is vague and could prompt unsafe follow-up actions (downloading/executing external code or asking users to paste keys).
ℹ 安装机制
There is no install spec (lower risk), but the usage implies a local script that isn't included. Because no code or install steps are present, the skill as published is incomplete; an agent or user might try to fetch or run external code to satisfy the missing script, which increases risk if done automatically.
⚠ 凭证需求
The instructions require STORAGE_API_KEY but the registry metadata lists no required env vars or primary credential. A GCP storage manager would normally require Google service account credentials or ADC (GOOGLE_APPLICATION_CREDENTIALS), not a generic STORAGE_API_KEY. This mismatch is disproportionate and unexplained.
✓ 持久化与权限
The skill does not request persistent/always presence (always: false) and declares no config paths. Autonomous invocation is permitted (default), which is normal; however, this normal behavior combined with the other inconsistencies increases potential risk.
安装前注意事项
- include the referenced scripts/implementation or remove the usage entry, (
- declare required environment variables and explain how to obtain them, (
- for GCP access, prefer Google service account keys or ADC (GOOGLE_APPLICATION_CREDENTIALS) and document scope/permissions. Never paste API keys into an unclear skill—if you must test, do so in an isolated environment and monitor network/activity. Because the skill is incomplete and inconsistent, treat it as untrusted until clarified or fixed.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/26
● 无害
安装命令 点击复制
官方npx clawhub@latest install jpeng-gcp-storage-manager
镜像加速npx clawhub@latest install jpeng-gcp-storage-manager --registry https://cn.clawhub-mirror.com
技能文档
Manage Google Cloud Storage
When to Use
- User needs gcp related functionality
- Automating storage tasks
- Cloud operations
Usage
python3 scripts/gcp_storage_manager.py --input --output Configuration
Set required environment variables:
export STORAGE_API_KEY="your-api-key"
Output
Returns JSON with results:
{
"success": true,
"data": {}
}
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制