by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill appears to be what it claims: a CLI client that queries the Frankfurter (ECB) exchange-rate API and does not request secrets. Before installing, note two practical points: (1) SKILL.md assumes you run the script with 'bun' — ensure your agent runtime provides bun or adapt/run via a compatible runtime (the skill metadata does not declare this binary), and (2) the skill makes external HTTPS requests to api.frankfurter.dev, so network access will be used. If you want extra assurance, rev...详细分析 ▾
ℹ 用途与能力
Name/description match the implementation: the scripts call https://api.frankfurter.dev/v1 and implement convert/latest/history/series/currencies. However, SKILL.md tells the operator to run the CLI with 'bun scripts/exchange.ts', yet the registry metadata's 'required binaries' list is empty — a practical mismatch (runtime dependency not declared) but not evidence of malicious intent.
✓ 指令范围
Runtime instructions are scoped to parsing user queries and invoking the included CLI scripts which make HTTPS GET requests to the Frankfurter API. There are no instructions to read arbitrary filesystem paths, environment variables, or to send data to unexpected endpoints.
✓ 安装机制
There is no install spec (instruction-only install), which is low risk. Source files are included in the skill bundle (TypeScript scripts) but nothing is downloaded from external URLs or extracted at install time.
✓ 凭证需求
The skill requires no environment variables, credentials, or config paths. The code does network calls to the advertised API only; it does not request or read secrets.
✓ 持久化与权限
The skill is not marked 'always: true' and it uses the platform default for autonomous invocation. It does not attempt to modify other skills or system-wide settings.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/12
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install rainman-exchange-rate
镜像加速npx clawhub@latest install rainman-exchange-rate --registry https://cn.longxiaskill.com镜像同步中