📦 Ryder-Super-Pack — 超级工具包
v1.0.1为 OpenClaw/Codex 优化的超级技能合集,整合 Perplexity + Claude Code 11 领域能力,支持专业引用加载、代码生成、数据分析、文件处理和自动化部署,一键调用多模型与外部 API,显著提升全栈开发与研究效率。
0· 80·0 当前·0 累计
by 下载技能包
最后更新
2026/3/24
安全扫描
OpenClaw
可疑
medium confidence该技能的说明与其宣称的多领域用途大致相符,但包含操作文件、执行 shell 命令及向外部通道发送数据的工具行为,且未声明任何凭据;同时 SKILL.md 检测到提示注入信号(Unicode 控制字符)。用户安装前需审阅并限制使用。
评估建议
该合集整体符合其宣称用途,但赋予代理读取工作区文件、执行 shell 命令、生成子代理及向外部通道推送数据的权限——包括明确处理敏感资料(银行账单、DSR、传票)的流程。安装前:1) 审查 SKILL.md 中隐藏/混淆字符(扫描发现 Unicode 控制字符)并删除;2) 先在隔离/测试工作区运行;3) 确保运行时连接器(API、Telegram/Discord 钩子、部署凭据)使用最小权限并有文档说明——技能未声明所需环境变量;4) 在充分信任其行为前,勿对敏感生产数据运行;5) 监控代理活动(exec/fs/web_fetch 调用、外发网络请求),任何自动外部发布或传输需人工批准。如需更高保证,请向作者/来源索取来源证明及明确列出所需凭据与外部端点的版本。...详细分析 ▾
✓ 用途与能力
The name/description (a multi-domain 'super-pack' for OpenClaw) aligns with the content: the SKILL.md and references provide domain-specific workflows that explicitly rely on OpenClaw tools (exec, fs, web_fetch, web_search, subagent spawn, memory). There is no obvious mismatch between claimed purpose and the referenced capabilities.
⚠ 指令范围
Instructions instruct the agent to read/write workspace files, run shell commands (exec), spawn subagents, ingest web content, and interact with outputs/channels (Telegram/Discord/HTTP). Many workflows explicitly reference handling sensitive artifacts (bank statements, DSRs, subpoenas, GL extracts) and using tools like grep, pdftotext, yt-dlp, ffmpeg. Because the skill is instruction-only, these runtime actions will be executed with whatever runtime privileges/connectors the agent has — the SKILL.md gives broad discretion (e.g., 'use exec to deploy to a public URL if configured') which could enable data exfiltration or unintended external posting unless constrained by the runtime.
✓ 安装机制
No install spec and no code files — lowest-risk delivery model. Nothing will be written to disk by an installer as part of skill installation itself. The security surface is the runtime instructions rather than any downloaded code.
ℹ 凭证需求
The skill declares no required env vars or credentials, yet many referenced actions assume external APIs or connectors (Stripe, HubSpot, EDGAR, Telegram/Discord, deployment targets). This is not necessarily malicious — it expects the OpenClaw runtime to provide connectors — but it is a gap: the skill does not document which credentials will be required at execution time, which increases risk (unexpected credential use or accidental leakage).
✓ 持久化与权限
always:false and no install means the skill does not demand permanent or elevated platform presence. It instructs writing to workspace/memory and spawning subagents, which is normal for an agent-focused skill. Autonomous invocation is permitted by default (disable-model-invocation:false) but that is standard and not in itself a red flag — combine this with the other concerns when deciding.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.12026/3/24
名称变更
● 可疑
安装命令
点击复制官方npx clawhub@latest install ryder-super-pack
镜像加速npx clawhub@latest install ryder-super-pack --registry https://cn.longxiaskill.com
技能文档
- 工具优先执行:工作流已适配 OpenClaw 工具(
exec运行脚本、fs管理文件、web_fetch/web_search进行研究)。 - 子代理编排:AI Builder 领域针对
subagents spawn模式调优,最大化我作为领导者的角色。 ## 📁 领域参考 1. AI Agent Builder:references/ai-agent.md——RAG、MCP、子代理协同。 - Dev & Engineering:references/dev.md——全栈、QA、DevOps(使用
exec/python)。 - Marketing:references/marketing.md——SEO、增长、竞争情报(使用
web_search)。 - Sales:references/sales.md——外拓、管道管理。
- Finance:references/finance.md——分析、预测。
- Legal:references/legal.md——合规、风险评估。
- Product Management:references/pm.md——PRD、路线图(RICE/MoSCoW)。
- Operations & CX:references/operations.md——分流、升级。
- Research & Knowledge:references/research.md——深度研究、知识图谱。
- Content & Creative:references/content.md——图像/视频/语音生成逻辑。 ## 🛠️ 集成工作流 - 策略:执行差距分析(标准 AI 知道什么 vs. 本包补充什么)。
- 执行:部署子代理处理专业子任务。
- 验证:使用
skill-vetter(若可用)按领域清单审计最终输出。 --- 由 Ryder 为市长的 OpenClaw 环境优化。 🐕🦺🚀