Security Scan
OpenClaw
Security
High confidence: The skill's requests and runtime instructions are coherent with its stated purpose (running and orchestrating .prose programs), but it allows fetching and executing remote programs and reading project-level config files (.prose/.env), so you should avoid running untrusted .prose sources or storing secrets in project config files.
Assessment Recommendations
This skill is internally consistent: it is a runner/orchestrator for .prose programs and its instructions match that purpose. Main risks to consider before installing or running it: (1) it fetches and executes .prose programs from arbitrary URLs or registry shorthands — do not run programs from untrusted sources, as they can perform network calls, spawn agents, or read project files; (2) it uses project-level config (e.g., .prose/.env and .prose/agents/) — avoid storing secrets there unless you ...
✓ Purpose and Capabilities
The name/description (OpenProse VM, run/compile/orchestrate .prose files) matches the SKILL.md behavior: routing prose commands, loading bundled docs/examples, and supporting remote program fetches. There are no unrelated env vars, binaries, or installs requested.
ℹ Instruction Scope
Instructions explicitly permit fetching .prose programs from arbitrary URLs or a registry shorthand and then loading/executing them. It also maps file I/O to the Moltbot read/write primitives and states that project files (e.g., .prose/.env, .prose/runs/, project *.prose) are used as state/config. This is consistent with a language runner, but it means executing untrusted remote programs or prose that references external endpoints can cause arbitrary network activity or actions the agent will perform.
✓ Install Mechanism
Instruction-only skill with no install spec and no code files to write at install time — lowest-risk install model.
ℹ Credential Requirements
The skill declares no required environment variables or credentials, which matches the bundle. However, the runtime guidance references reading project-level config files such as .prose/.env and user-level state backends (filesystem, sqlite, postgres docs are included). Reading a project .prose/.env file is reasonable for a project runner, but such files often contain secrets — users should avoid placing sensitive credentials there or ensure the agent is permitted to access them.
✓ Persistence and Privileges
The skill does not request always:true and does not declare elevated platform privileges. It is user-invocable and may be invoked autonomously by the agent (default), which is expected for a skill that runs programs.
Security is layered; review the code before running it.
Runtime Dependencies
No special dependencies
Version
latest v0.1.0 2026/1/29
Initial release of the OpenProse skill pack for orchestrating AI agent workflows via the `prose` language.
- Activates on any `prose` command, references to `.prose` files, or mentions of OpenProse.
- Supports unified command routing for running, compiling, updating, and exploring `prose` programs.
- Enables multi-agent orchestration based on `.prose` scripts and session definitions.
- Provides resolution and execution of both local and remote `prose` programs, with flexible example lookup.
- Integrates file/state management and authoring guidance per the OpenProse VM specification.
● Suspicious
Install Command
Official: npx clawhub@latest install prose
Mirror (accelerated): npx clawhub@latest install prose --registry https://cn.longxiaskill.com