📦 Opencli 用法

v1.0.0

在任何 OpenCLI 会话开始时——这是 `opencli` 的顶层概览，展示其功能、如何发现适配器、可用的标志与输出格式……

0· 45·0 当前·0 累计

by @liberalchang (chang)

命令行工具数据库代码审查

下载技能包

最后更新

2026/4/22

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

安全

high confidence

The skill is an instruction-only orientation doc for OpenCLI and is internally consistent with that purpose; it documents browser-driven behavior that can access live browser sessions (cookies/headers) but otherwise makes no unexpected requests or installs.

评估建议

This skill is an orientation/documentation layer for OpenCLI and appears to do what it claims. Before using it: (1) ensure you have the opencli binary installed (the SKILL.md assumes it, but the metadata didn't list it); (2) understand that some adapters require a logged-in Chrome/Electron session and will capture cookies/headers from that session — only use those adapters if you trust the site and the OpenCLI browser extension/daemon; (3) if you plan to install from the repo or npm, verify the ...

详细分析 ▾

ℹ 用途与能力

The skill's name/description match the content: it's an orientation layer for opencli. Minor inconsistency: the registry metadata lists no required binaries, but the SKILL.md repeatedly assumes the presence of the `opencli` binary (and shows how to install it). The omission of `opencli` from required-binaries is a documentation mismatch but does not change the skill's purpose.

✓ 指令范围

SKILL.md confines runtime actions to running `opencli` commands (e.g., `opencli list -f json`, `opencli doctor`) and reading documentation; allowed-tools reflect this. It does describe adapters that will capture credentials from a logged-in Chrome session, which is within the documented scope (browser-bridge adapters). The instructions do not ask the agent to read unrelated system files or exfiltrate data to unexpected endpoints.

✓ 安装机制

This is an instruction-only skill with no install spec. The doc shows standard install options (npm package, GitHub repo). Those instructions reference common sources (npm, GitHub via SSH) and do not include arbitrary downloads or obscure URLs.

ℹ 凭证需求

The skill itself declares no required environment variables, but the documentation lists several OPENCLI_* env vars used to configure the browser bridge and timeouts. More importantly, several adapter strategies (COOKIE, HEADER, INTERCEPT, UI) require a logged-in Chrome session and will capture session cookies/headers; this is sensitive but coherent with the documented functionality. There are no unexpected credential requests in the metadata.

✓ 持久化与权限

The skill does not request permanent presence (always:false), does not include install hooks, and does not attempt to modify other skills or system-wide agent settings. It's a read-and-run documentation layer with normal agent invocation allowed.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/4/22

Initial release of opencli-usage: a top-level guide for discovering, using, and authoring OpenCLI adapters and commands. - Explains OpenCLI's three core pillars: adapter commands, browser driving, and external CLI passthrough. - Details prerequisites by adapter strategy and summarizes the browser bridge requirements. - Lists universal flags, output formats, and key environment variables. - Covers discovering commands and adapters dynamically with opencli list. - Describes how to author, validate, and repair adapters, and provides plugin management instructions. - Outlines external CLI passthrough and installation/register flows.

● 可疑

安装命令

点击复制

官方npx clawhub@latest install opencli-usage

镜像加速npx clawhub@latest install opencli-usage --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库