📦 MongoDB Atlas — 浏览管理API
v1.0.0浏览 MongoDB Atlas Admin API 规范,并在提供凭证后直接执行操作,实现数据库集群、用户、网络等资源的可视化管理与自动化运维。
0· 1.9k·1 当前·1 累计
by 下载技能包
最后更新
2026/4/22
安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill is coherent with its description: it bundles the Atlas OpenAPI spec and provides Node scripts to browse the spec and (if you provide ATLAS_CLIENT_ID and ATLAS_CLIENT_SECRET) make live API calls. Before installing or using it, consider:
- The tool will perform network calls to your Atlas endpoint and will exchange your service-account credentials for an access token (expected for this purpose). The client secret is used only for the token request and is not stored by the skill.
- A t...详细分析 ▾
✓ 用途与能力
Name/description match the contents: the package includes a full Atlas OpenAPI spec and two Node scripts — one for browsing the spec and one for making API calls. Requiring `node` and Atlas service account credentials (ATLAS_CLIENT_ID, ATLAS_CLIENT_SECRET) is appropriate for this functionality.
ℹ 指令范围
SKILL.md instructs the agent to run local Node scripts that only read the bundled OpenAPI spec and, when credentials are present, perform live HTTP calls to MongoDB Atlas. The runtime scripts are explicit about when they will modify resources and require interactive approval for POST/PUT/PATCH/DELETE. Note: atlas-call.mjs also reads/writes a local token cache and can use optional env vars (ATLAS_GROUP_ID, ATLAS_API_BASE_URL) not listed as required; these are reasonable but should be noted.
✓ 安装机制
No install step or external downloads are used — this is instruction-plus-local-code only. All included files are present in the bundle (large OpenAPI JSON and two scripts). No remote installers, URL downloads, or archives are present.
ℹ 凭证需求
The two required env vars (ATLAS_CLIENT_ID, ATLAS_CLIENT_SECRET) are appropriate for obtaining OAuth tokens via client-credentials flow. The scripts additionally accept optional ATLAS_GROUP_ID and ATLAS_API_BASE_URL (documented in the script) but these were not declared as required — this is low-risk but worth documenting. The skill does not request unrelated credentials.
ℹ 持久化与权限
The client caches the OAuth access token to disk under ~/.openclaw/.cache/mongodb-atlas/token.json to avoid repeated token requests; it does not persist client secrets. Writing a token cache to the user's home directory is reasonable for an API client but means authentication state persists on disk and should be considered by the user.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/2/11
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install mongodb-atlas-admin
镜像加速npx clawhub@latest install mongodb-atlas-admin --registry https://cn.longxiaskill.com