by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill appears to do what it says — a CLI/TUI for searching and downloading GIFs. Before installing/using it: 1) Note that SKILL.md expects the gifgrep binary; install via the listed Homebrew formula or Go module and verify those upstream sources (brew tap and GitHub repo) yourself. 2) If you want Giphy results you must provide a GIPHY_API_KEY; only give keys with appropriate scope and from a trusted account. Tenor works with a demo key by default. 3) The registry metadata you were shown omi...详细分析 ▾
ℹ 用途与能力
SKILL.md describes a CLI/TUI tool (gifgrep) that searches GIF providers, downloads results, and extracts stills/sheets. The instructions and declared install options (brew formula and Go module pointing to github.com/steipete/gifgrep) match that purpose. However, the registry metadata summary provided to you earlier said no required binaries/env vars, while SKILL.md metadata requires the gifgrep binary and documents GIPHY_API_KEY/TENOR_API_KEY — a metadata mismatch worth noting.
✓ 指令范围
The instructions tell the agent to run gifgrep commands, optionally write downloads to ~/Downloads, and reveal files in Finder; they do not instruct reading unrelated system files, sweeping env variables, or transmitting data to unexpected endpoints. Environment tweaks are limited to gifgrep-specific variables.
✓ 安装机制
Install options are standard: a Homebrew formula (steipete/tap/gifgrep) and a Go module (github.com/steipete/gifgrep/cmd/gifgrep@latest). Both are traceable to public package sources/GitHub rather than arbitrary download URLs or opaque archives.
ℹ 凭证需求
SKILL.md documents GIPHY_API_KEY (required for --source giphy) and TENOR_API_KEY (optional); these are proportional to the stated functionality. The earlier registry metadata claiming no required env vars conflicts with SKILL.md — verify which metadata the platform will rely on and be prepared to supply a provider API key if you want Giphy support.
✓ 持久化与权限
The skill is instruction-only (no code files bundled) and does not request always: true or any elevated/persistent system privileges. It does not modify other skills' configs or request system-wide credentials.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.12026/1/4
● 无害
安装命令
点击复制官方npx clawhub@latest install gifgrep
镜像加速npx clawhub@latest install gifgrep --registry https://cn.longxiaskill.com