by 安全扫描
OpenClaw
安全
high confidence这是一个仅用于指令的帮助工具,用于 qjzd-nav CLI 身份验证工作流,并且在内部保持一致:它只需要 qjzd-nav 二进制文件,其指令与所描述的目的相匹配。
评估建议
This skill is coherent and lightweight, but take these precautions before using it: (1) Verify the qjzd-nav binary is from a trusted source and on your system PATH — the skill will run that binary. (2) Avoid passing plaintext passwords on the command line (the examples use --password); prefer interactive entry or other secure input methods to prevent exposure via shell history or process listings. (3) Be aware the CLI will store secrets in your system keyring and may contact the configured serve...详细分析 ▾
✓ 用途与能力
Name/description describe CLI auth flows and the skill requires only the qjzd-nav binary; that is proportionate and expected for an auth helper.
ℹ 指令范围
SKILL.md confines itself to qjzd-nav auth commands (login, profile management, doctor, delete). It does reference that secrets live in the system keyring and shows examples using --password. Minor caution: the documentation encourages non-interactive use with --password and --force which can leak credentials via shell history or process lists; otherwise the instructions do not ask the agent to read unrelated files or credentials.
✓ 安装机制
No install spec and no code files — instruction-only. Nothing is downloaded or written to disk by the skill itself.
✓ 凭证需求
The skill declares no required env vars or credentials. It mentions that credentials are stored in the system keyring (expected for a CLI auth helper) but does not request unrelated secrets or external credentials.
✓ 持久化与权限
always is false and model invocation is normal. The skill does not request persistent system-wide privileges or attempt to modify other skills or agent settings.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.3.22026/4/19
## qjzd-nav-cli-auth 1.3.2 - 未在此版本中检测到文件更改。 - 功能和文档与前一版本保持一致。
● 无害
安装命令
点击复制官方npx clawhub@latest install qjzd-nav-cli-auth
镜像加速npx clawhub@latest install qjzd-nav-cli-auth --registry https://cn.longxiaskill.com 镜像可用
技能文档
使用此技能进行qjzd-nav auth和qjzd-nav auth profile操作。如果尚未设置认证,请先设置,然后再运行link、category、tag、backup或settings命令。
命令
``bash
qjzd-nav auth --help
qjzd-nav auth login --help
qjzd-nav auth profile --help
`
主要工作流程:
qjzd-nav auth loginqjzd-nav auth currentqjzd-nav auth profile listqjzd-nav auth profile currentqjzd-nav auth profile getqjzd-nav auth profile useqjzd-nav auth profile deleteqjzd-nav auth profile doctor
常见流程
使用密码登录(使用RSA加密):
`bash
qjzd-nav auth login \
--profile default \
--url https://nav.qjzd.online \
--password
`
注意:密码在发送前使用服务器的公钥进行加密。
检查和切换配置文件:
`bash
qjzd-nav auth current
qjzd-nav auth profile list
qjzd-nav auth profile use production
qjzd-nav auth profile get default --json
`
诊断破损凭据:
`bash
qjzd-nav auth profile doctor
qjzd-nav auth profile delete production --force
`
规则
在非交互模式下,qjzd-nav auth login需要--profile、--url和--password。当其他工具需要结构化输出时使用--json。profile delete是破坏性的;在非交互模式下使用--force。- 配置文件元数据存储在配置中,但密钥存储在系统keyring中。
- CLI使用RSA加密进行密码认证。
路由
使用qjzd-nav-cli-content进行链接、类别和标签操作。使用qjzd-nav-cli-operations`进行备份、恢复和设置操作。