📦 Self-Improving Supply Chain — 实用工具
v1.2.0和 demand signal shifts enable continuous supply ch...
0· 98·0 当前·0 累计
by 安全扫描
OpenClaw
安全
high confidenceThe skill's files, scripts, and instructions are consistent with its stated purpose (capturing and promoting supply‑chain learnings); it requires no credentials, does not contact external endpoints, and its hooks/scripts operate locally and opt-in.
评估建议
This skill appears internally consistent, but review a few practical points before installing: (1) Confirm you are comfortable having a lightweight reminder and local log files (.learnings/) added to your workspace/home — the scripts will create files if missing. (2) The error-detector reads CLAUDE_TOOL_OUTPUT (hook context) which can contain command output; avoid enabling PostToolUse hooks in contexts where sensitive data might appear, or add matcher filters to limit triggers. (3) The extract s...详细分析 ▾
✓ 用途与能力
The skill's name/description align with its code and docs: reminders, local logs (.learnings/), a skill-extraction helper, and optional OpenClaw hooks. No unrelated credentials, external network calls, or unexpected binaries are requested. The extract script creates local skill scaffolds and includes safeguards (no absolute paths, no '..' segments).
✓ 指令范围
SKILL.md and hook scripts limit behavior to generating reminders, creating/initializing .learnings/ files, and scaffolding local skill markdown. The error-detector reads the CLAUDE_TOOL_OUTPUT hook context (documented) to detect supply‑chain keywords and only prints a reminder; it does not transmit output externally. SKILL.md explicitly warns not to log proprietary pricing/PII and states the skill does not place orders.
✓ 安装机制
No installer or external downloads are used. This is an instruction+script bundle intended to be copied into the user's OpenClaw workspace/hooks. All scripts are local shell/JS/TS files; no archives or network fetches are performed by the skill itself.
✓ 凭证需求
The skill declares no required environment variables or credentials. The only environment usage is the error-detector reading CLAUDE_TOOL_OUTPUT (an expected hook-provided variable) and scripts operating on local workspace paths — proportional to the stated purpose.
✓ 持久化与权限
always is false and hooks are opt-in. Hook files inject a virtual reminder into the agent bootstrap when enabled; enabling requires explicit user action (openclaw hooks enable or copying files). The skill does not request system-wide or permanent elevated privileges.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
安装命令
点击复制官方npx clawhub@latest install self-improving-supply-chain
镜像加速npx clawhub@latest install self-improving-supply-chain --registry https://cn.longxiaskill.com镜像同步中