by 安全扫描
OpenClaw
安全
high confidenceThe skill's instructions and requirements are coherent: it uses the Membrane CLI to connect to Raygun, requests no unrelated credentials or system access, and is instruction-only.
评估建议
This skill is coherent but relies on the third-party Membrane service/CLI to broker access to Raygun. Before installing or using it: 1) Confirm you trust Membrane to store and use your Raygun credentials (review their privacy/security docs). 2) Prefer using npx or an isolated environment instead of npm -g, or inspect @membranehq/cli on the npm registry/GitHub before installing. 3) Do not paste Raygun API keys locally; follow the described browser-based login/connection flow so credentials remain...详细分析 ▾
✓ 用途与能力
Name/description (Raygun integration) align with the runtime instructions: all actions are performed via the Membrane CLI and a Membrane-hosted connection to Raygun. The skill does not ask for unrelated credentials or access. (Note: homepage points to Membrane rather than Raygun, which matches the implementation choice to broker Raygun via Membrane.)
✓ 指令范围
SKILL.md only instructs installing/using the @membranehq/cli, running membrane login/connect/action list/create/run, and user-driven browser-based authentication. It does not instruct the agent to read arbitrary files, access unrelated env vars, or exfiltrate data. The guidance to prefer Membrane for auth is explicit.
ℹ 安装机制
Install is an npm global install of @membranehq/cli (public npm). This is an expected way to obtain the CLI but carries the usual moderate risk of installing npm packages globally—consider using npx, a virtual environment, or reviewing the package source before installing.
✓ 凭证需求
The skill declares no required env vars or credentials. It relies on Membrane to handle Raygun credentials server-side, which is proportionate to the stated purpose. Users should be aware that Membrane will hold and manage the Raygun credentials and access to Raygun data.
✓ 持久化与权限
always is false and there are no install scripts or instructions to modify other skills or system-wide settings. The skill is instruction-only and does not request elevated or persistent platform privileges.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
安装命令
点击复制官方npx clawhub@latest install raygun
镜像加速npx clawhub@latest install raygun --registry https://cn.longxiaskill.com 镜像可用