by 安全扫描
OpenClaw
安全
high confidence本技能为指令式集成,指示代理使用 Membrane CLI 连接到 Font Awesome;其请求和指令与此目的一致,不要求无关的凭据或系统访问。
评估建议
本技能为指令式集成,逻辑一致:指示代理使用 Membrane CLI 管理 Font Awesome 连接器并执行代理 API 调用。主要风险在于安装和信任来自 npm 的 Membrane CLI(全局安装执行第三方代码)。安装前,请验证 @membranehq/cli 包和发布者,尽可能使用 npx,审查 Membrane 的隐私/安全文档,并注意通过浏览器进行身份验证将 Font Awesome 凭据委托给 Membrane(连接器将允许 Membrane 访问您的 Font Awesome 账户)。如果无法或不愿安装第三方 CLI 工具或委托凭据给代理服务,请勿安装此技能。...详细分析 ▾
✓ 用途与能力
The name/description (Font Awesome integration for managing data/workflows) matches the runtime instructions which exclusively describe using the Membrane CLI to create a connector, list/run actions, and proxy API requests. There are no unrelated environment variables, binaries, or config paths requested.
✓ 指令范围
SKILL.md gives step-by-step CLI instructions: install Membrane CLI, run membrane login, create/connect a Font Awesome connector, list/run actions, and proxy requests. The instructions do not ask the agent to read arbitrary files, scan the system, or exfiltrate unrelated data. They do rely on opening a browser for OAuth-style login, which is expected for this flow.
ℹ 安装机制
The skill itself has no install spec, but SKILL.md instructs users to install @membranehq/cli globally via npm (-g) or to use npx. Installing a global npm package executes code from the npm registry and is a moderate-risk action — expected for this integration but worth user review of the package and publisher before installation.
✓ 凭证需求
The skill declares no required env vars or credentials and instead uses a Membrane account/connection model. Requiring a Membrane tenant and network access is proportionate to the described behavior. The instructions explicitly advise not to ask users for Font Awesome API keys, which is appropriate.
✓ 持久化与权限
The skill is instruction-only, doesn't request permanent 'always' inclusion, and does not instruct modifying other skills or system-wide agent settings. Normal autonomous invocation is allowed (platform default) and is not by itself a red flag here.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/9
自动同步自 membranedev/application-skills
● 可疑
安装命令 点击复制
官方npx clawhub@latest install font-awesome-integration
镜像加速npx clawhub@latest install font-awesome-integration --registry https://cn.clawhub-mirror.com
技能文档
技能基本信息
- 名称:Font Awesome — 字体图标集成
- Slug:font-awesome-integration
- 描述:Font Awesome 集成,用于管理数据、记录和自动化工作流。适用于用户需要与 Font Awesome 数据交互的场景。
使用指南
- 安装 Membrane CLI(推荐使用
npx) - 通过代理连接到 Font Awesome
- 自动化工作流和管理数据
注意:安装前请参考安全评估和建议。
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制