首页龙虾技能列表 › Claude Anywhere — 技能工具

Claude Anywhere — 技能工具

v1.6.2

不是聊天机器人,是你口袋里的AI员工。Claude Anywhere 让你通过 Telegram、企业微信、QQ 随时随地读写文件、执行命令、分析图片、管理代码。Not a chatbot — your AI engineer in your pocket. Claude Anywhere lets you re...

0· 180·1 当前·1 累计
by @yizhao1978·MIT-0
下载技能包
License
MIT-0
最后更新
2026/3/29
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
可疑
high confidence
The package mostly does what it says (a multi-platform bot that can read files, run commands, and call the Claude CLI), but there are several mismatches and privacy/exfiltration risks you should understand before running it on a production host.
评估建议
Plain-language summary and recommended precautions: - What it does: this repository implements a Telegram/WeCom/QQ bot that forwards user messages, images, and files to the local Claude CLI and returns the model's responses. It intentionally saves attachments to /tmp, instructs the model to read those files, and can schedule recurring jobs and run commands — exactly as the README claims. - Mismatches you should notice: the registry metadata only lists TELEGRAM_BOT_TOKEN as required, but the co...
详细分析 ▾
用途与能力
The skill's name/description (Telegram/WeCom/QQ bot that reads/writes files, runs commands, analyzes images) matches the included code: bridge files and core logic implement those features and require node and the Claude CLI. However the declared requirements list only TELEGRAM_BOT_TOKEN as a required env var while the code also expects WECOM_BOT_ID/WECOM_SECRET and QQ_APP_ID/QQ_APP_SECRET when using WeCom/QQ bridges — metadata underspecifies required credentials.
指令范围
SKILL.md and the code instruct users to install and run the bot, create systemd services, and install + log in to the Anthropic 'claude' CLI. Runtime behavior includes saving attachments to /tmp, passing local file paths to the Claude CLI and explicitly instructing the model to 'Read' local files and execute commands. That gives the remote model and any message sender the ability (via the bot and claude CLI) to read local files and execute commands on the host — which is intended for the product but is high privilege. The SKILL.md also contains a detected 'system-prompt-override' pattern (prompt-injection signal) which may indicate manipulation attempts embedded in the instructions; this needs manual review.
安装机制
There is no formal install spec for the platform — SKILL.md instructs cloning the GitHub repo and running npm install and global npm install of @anthropic-ai/claude-code. That is a normal workflow for this kind of Node bot, but it results in arbitrary JS being installed and run locally. The included license-client contacts license.claudeanywhere.com and the README references external purchase endpoints (gumroad / custom domains). No opaque download-URL shorteners were observed in the provided content, but running npm install will fetch dependencies from registries — review package-lock.json if you need supply-chain assurance.
凭证需求
Registry metadata only lists TELEGRAM_BOT_TOKEN as required, but the code reads many env keys (.env example and runtime): TELEGRAM_BOT_TOKEN, WECOM_BOT_ID, WECOM_SECRET, QQ_APP_ID, QQ_APP_SECRET, LICENSE_KEY, LICENSE_SERVER_URL, CLAUDE_PATH, CLAUDE_CWD. The code also imports a license-client that exposes getMachineId and constructs buy/activation URLs including a machine id parameter — that implies the package will compute and (likely) send a host fingerprint to the vendor's license server when checking/activating Pro. Requesting TELEGRAM_BOT_TOKEN is proportional for Telegram usage, but the omission of the other env vars in metadata is an incoherence and the machine-id/ license flow raises potential privacy/exfiltration concerns.
持久化与权限
The skill does not request always:true and is user-invocable. SKILL.md suggests configuring systemd or tmux to keep the bot running as a service — that is typical for bots but does create a persistent long-lived process on the host that will have access to files and the Claude CLI. The package does not automatically force system-wide changes, but following the README will grant it persistent presence and the ability to respond to remote messages indefinitely.
core.mjs:649
Shell command execution detected (child_process).
cron-manager.mjs:117
Shell command execution detected (child_process).
bridge-qq.mjs:39
Environment variable access combined with network send.
bridge-telegram.mjs:28
Environment variable access combined with network send.
core.mjs:322
Environment variable access combined with network send.
license-client.mjs:38
Environment variable access combined with network send.
bridge-qq.mjs:22
File read combined with network send (possible exfiltration).
bridge-telegram.mjs:12
File read combined with network send (possible exfiltration).
core.mjs:13
File read combined with network send (possible exfiltration).
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.6.22026/3/22

docs: 补充/cron命令完整说明、定时任务使用章节;企业微信/QQ帮助文案升级为菜单式快速开始

● 可疑

安装命令 点击复制

官方npx clawhub@latest install claude-anywhere
镜像加速npx clawhub@latest install claude-anywhere --registry https://cn.clawhub-mirror.com

技能文档

🦞 龙虾与Claude Code的完美结合 / OpenClaw meets Claude Code, anywhere.

不是聊天机器人。是你口袋里的 AI 员工。 Not a chatbot. Your AI engineer, in your pocket.

Claude Anywhere 让你通过 Telegram、企业微信、QQ 随时随地:

  • 📂 读写文件 / Read/write files
  • ⚡ 执行命令 / Execute commands
  • 📷 分析图片 / Analyze images
  • 📄 文件分析 / Analyze files (PDF, Excel, CSV, code)
  • 🔄 会话恢复 / Resume sessions across devices
  • ⏰ 定时任务 / Schedule cron tasks

Pro 版 ¥39.99/月 → 立即升级

3步上手 / 3 Steps to Start

Telegram

  • 在 Telegram 搜索 @BotFather,发 /newbot,复制 Token
  • git clone https://github.com/yizhao1978/claude-anywhere.git && cd claude-anywhere && npm install && cp .env.example .env
  • 填入 Token → npm run telegram → 完成

企业微信 WeChat Work

  • 登录 work.weixin.qq.com → 应用管理 → AI助手 → 创建机器人,记录 Bot ID 和 Secret
  • git clone https://github.com/yizhao1978/claude-anywhere.git && cd claude-anywhere && npm install && cp .env.example .env
  • 填入 Bot ID + Secret → npm run wecom → 完成

QQ

  • 打开 https://q.qq.com/qqbot/openclaw/index.html → 扫码 → 创建机器人 → 获取 AppID + AppSecret
  • git clone https://github.com/yizhao1978/claude-anywhere.git && cd claude-anywhere && npm install && cp .env.example .env
  • 填入 AppID + AppSecret → npm run qq → 完成

三平台一键启动

配好所有 Token → npm start → 自动启动已配置的平台

Free Tier (no LICENSE_KEY)

  • 5 messages/day
  • 7-day trial period
  • Single-turn conversations
  • Text only
  • Upgrade prompts on every reply

Pro (¥39.99/月 | ¥399.9/年) → https://claudeanywhere.com/buy.html

  • Unlimited messages
  • Multi-turn conversations with /resume
  • Image and file analysis
  • WeChat Work full support
  • 付款后自动开通,无需填写 License Key / Auto-activated after payment

License Activation

扫码付款后 Pro 自动开通,无需任何操作。 After WeChat Pay, Pro is activated instantly and automatically.

数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务