📦 Ai Intelligent Defect Detection — 实用工具
v1.0.0Ai Intelligent Defect Detection是一款实用的工具技能,能够帮助用户完成相关任务,提升工作效率。
0· 117·0 当前·0 累计
by 安全扫描
OpenClaw
可疑
medium confidenceThe skill's stated purpose (defect detection) matches its description, but the runtime instructions tell the user/agent to download and execute code from an external GitHub repo (and pip install its requirements) even though no code or install spec is bundled — this is a risky mismatch that should be reviewed before running.
评估建议
This skill is essentially a pointer to an external GitHub project rather than a bundled implementation. Before cloning or running anything: 1) Inspect the GitHub repository and review its code, especially app.py and requirements.txt; 2) Prefer a pinned commit or release and verify checksums; 3) Run the code in an isolated sandbox or VM (not as root) and restrict network egress while you evaluate; 4) Check the project license, author identity, and recent activity; 5) If you cannot or do not want ...详细分析 ▾
✓ 用途与能力
Name, description, and listed capabilities (surface defect detection, classification, localization, reporting) are coherent with the declared tech stack (Python, FastAPI, image processing). The skill does not request unrelated credentials or config.
⚠ 指令范围
The SKILL.md instructs cloning https://github.com/openclaw-skills/ai-intelligent-defect-detection, pip installing requirements.txt, and running python app.py. The packaged skill itself contains no code — so following these instructions causes the agent/user to download and execute external code at runtime. There are no safety indicators (no pinned release, no checksum) and the instructions give broad permission to install arbitrary Python packages and run an application, which is outside the narrow 'describe capabilities' scope and increases risk.
⚠ 安装机制
There is no declarative install spec in the package; instead SKILL.md advocates git clone + pip install from a GitHub repo. GitHub is a common source, but the lack of a pinned release, commit hash, or package checksums and the unreviewed requirements.txt means arbitrary code and dependencies could be installed. This is a moderate-to-high install risk if executed without inspection.
✓ 凭证需求
The skill declares no required env vars, binaries, or config paths, and the instructions do not ask for credentials. That is proportionate to a readme-style skill. However, running the recommended app may implicitly require network, file system, or hardware access — the SKILL.md does not document those needs.
✓ 持久化与权限
always is false and there is no request to modify other skills or system-wide config. The skill does not request persistent presence in the agent beyond normal invocation.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
安装命令
点击复制官方npx clawhub@latest install ai-defect-detection
镜像加速npx clawhub@latest install ai-defect-detection --registry https://cn.longxiaskill.com