Security Scan
OpenClaw
Suspicious
medium confidence
Assessment and recommendations
This skill appears to genuinely be for controlling a Niri session, but take these precautions before installing: 1) Only install if you run the Niri compositor and trust the skill owner; the skill assumes $NIRI_SOCKET and the `niri msg` CLI but does not declare them — confirm those prerequisites. 2) Review the bundled scripts (scripts/niri.py, niri_ctl.py, niri_socket.py) yourself to verify what they execute; pay attention to the implementation of spawn/spawn-sh to see how they invoke the shell....
ℹ Purpose and capabilities
The name, description, SKILL.md and bundled scripts (scripts/niri.py, scripts/niri_ctl.py, scripts/niri_socket.py) all align with a Niri IPC helper: they wrap `niri msg` and $NIRI_SOCKET operations and provide window/workspace actions. However, the skill declares no required env vars or binaries even though the instructions explicitly assume $NIRI_SOCKET and the `niri msg` CLI are available. The omission of these declared requirements is an inconsistency (should at least list NIRI_SOCKET and niri).
ℹ Instruction scope
The SKILL.md stays on-topic (querying state, focusing/moving/closing windows, spawning programs, streaming events). It documents using helper scripts and direct socket access. A notable point: the documented actions include 'spawn' and 'spawn-sh' — the latter runs commands through the shell, so the skill provides a mechanism to execute arbitrary shell commands on the host. That behavior is coherent with compositor control but is sensitive and worth flagging.
✓ Installation mechanism
There is no install spec (instruction-only skill with bundled scripts). No external downloads or package installs are requested, so nothing is written to disk by an installer beyond the included files. This is lower installation risk.
⚠ Credential requirements
The skill requires access to the Niri socket and the `niri msg` CLI in practice, but requires.env and primary credential fields are empty. The SKILL.md references $NIRI_SOCKET and running inside a Niri session; these should have been declared. Also, since the skill can spawn arbitrary commands (including via shell), any environment or file the spawned commands access becomes relevant — the skill requests broader runtime privileges than are declared.
⚠ Persistence and privileges
The skill is not set always:true (good), but disable-model-invocation is not set, so the model can invoke this skill autonomously. Combined with documented spawn and spawn-sh actions that can run arbitrary processes/commands, this creates a risk surface: an autonomously-invoked skill could execute commands on the host. For a compositor control tool this ability may be reasonable, but it is sensitive and should be intentionally restricted or documented.
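Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/2/1
● Suspicious
Install command
Official: npx clawhub@latest install niri-ipc
Mirror: npx clawhub@latest install niri-ipc --registry https://cn.longxiaskill.com (✓ mirror available)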