by 安全扫描
OpenClaw
安全
high confidenceThe skill's requirements and instructions match its stated purpose (a Clojure-based CLI for Seongnam Library); the only notable risk is that it dynamically downloads and runs a third-party Clojure artifact from Maven Central at runtime.
评估建议
This skill appears to do what it says: it runs a Clojure CLI (requires java + clojure) and uses SNLIB_USER/SNLIB_PASSWORD for library operations. Before installing, verify the upstream project (https://github.com/ruseel/snlib-cli) and the Maven artifact io.github.ruseel/snlib-cli@20260407 to ensure you trust that code — the helper script will cause your environment to download and execute that artifact from Maven Central at runtime. If you have security concerns: (1) avoid reusing a high-privile...详细分析 ▾
✓ 用途与能力
Name/description (library login, search, status, requests) align with required binaries (bash, java, clojure) and required env vars (SNLIB_USER, SNLIB_PASSWORD). Requiring Java/Clojure is expected for a Clojure CLI wrapper.
✓ 指令范围
SKILL.md instructs running the included script with credentials via environment variables and documents read-only vs write commands. It does not ask for unrelated files, credentials, or system state beyond the declared env vars and a specified session directory (~/.config/snlib-cli/).
ℹ 安装机制
No install spec is provided, but the runtime script invokes clojure which will fetch the io.github.ruseel/snlib-cli artifact from Maven Central (-Sdeps). Fetching from Maven Central is a standard Clojure practice, but it means remote code is downloaded and executed at runtime — a normal behavior here but a security consideration.
✓ 凭证需求
Only SNLIB_USER and SNLIB_PASSWORD are required, which is proportionate for a library-login and request tool. The skill stores session data under ~/.config/snlib-cli/ as documented.
✓ 持久化与权限
always is false and the skill does not request elevated or global agent privileges. It does not modify other skills' configurations. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv2026.4.72026/3/31
Update loan-status parsing for article-list layout and add live HTML fixture coverage.
● 可疑
安装命令 点击复制
官方npx clawhub@latest install snlib-cli
镜像加速npx clawhub@latest install snlib-cli --registry https://cn.clawhub-mirror.com
技能文档
Use {baseDir}/scripts/snlib-cli.sh to initiate Seongnam Library Request from the CLI.
For more information, visits https://github.com/ruseel/snlib-cli
Quick Start
# first-time login
SNLIB_USER="your-id" SNLIB_PASSWORD="your-password" {baseDir}/scripts/snlib-cli.sh login# read-only checks
{baseDir}/scripts/snlib-cli.sh my-info
{baseDir}/scripts/snlib-cli.sh loan-status
{baseDir}/scripts/snlib-cli.sh search-books --keyword "제2차 세계대전 발췌본"
Common Workflows
- Account/session (계정/세션):
login,my-info(내 정보 조회) - Discovery (도서 탐색):
search-books,basket(관심 도서함) - Status checks (현황 조회):
loan-status(대출 현황),interloan-status(상호대차 현황),hope-book-list/hope-book-detail(희망도서 신청 내역/상세) - Write:
interloan-request(상호대차 신청),hope-book-request(희망도서 신청,--request-edn단일 EDN 맵 사용)
Read {baseDir}/references/commands.md for command patterns and end-to-end flows.
Safety Rules
- Start with read-only commands before any write action.
- In skills, pass credentials via
SNLIB_USERandSNLIB_PASSWORDenvironment variables. - Session data is stored under
~/.config/snlib-cli/.
Troubleshooting
If 3 hours passed, authentication can fail. then you can re-login.Technical Details
On first execution,clojure downloads deps from Maven Central, including io.github.ruseel/snlib-cli.
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制