by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill appears coherent and limited to backing up and restoring the seven named markdown files to a private GitHub repo. Before installing/running: ensure your GitHub CLI (gh) is installed and authenticated with the account you expect (gh auth status); verify which GitHub owner/account will be used (the script queries gh api user if GITHUB_OWNER is unset); inspect the remote repo contents on GitHub before running a first-time restore to avoid unintended overwrite; confirm where the skill wil...详细分析 ▾
✓ 用途与能力
Name/description, SKILL.md, and the included script all focus on managing the fixed set of core markdown files and the fixed private repo `soul-undead`. Required tools (gh, git, python3) are appropriate for interacting with GitHub and handling state files. No unrelated credentials or binaries are requested.
ℹ 指令范围
Runtime instructions and the script limit actions to the stated file list and to the GitHub repo. The script will create a timestamped local snapshot before overwriting local files and writes a small state file to the skill directory. One minor mismatch: SKILL.md documents the snapshot/state path under ~/.openclaw/workspace/skills/soul-undead/, while the script uses SKILL_DIR (the script's parent dir) for local-backups and state by default — this is probably fine if the installed skill lives in that workspace path but should be confirmed during install. Behavior that can overwrite local defaults on first restore is documented and intentional.
✓ 安装机制
This is an instruction-only skill with an included shell script; there is no external install/download step or arbitrary URL fetch. Nothing is written to disk beyond what the script itself does at runtime (snapshots, state file).
✓ 凭证需求
The skill requests no secrets or environment variables by default. It relies on the user's GitHub CLI authentication (gh), which is appropriate and necessary for creating/reading/writing the private GitHub repo. Optional overrides (OPENCLAW_BACKUP_REPO, OPENCLAW_WORKSPACE, OPENCLAW_BACKUP_STATE_FILE, GITHUB_OWNER) are reasonable and documented.
✓ 持久化与权限
The skill does not request always:true or other elevated agent privileges. It writes only its own state file and local-backups inside its skill directory and does not modify other skills or global agent configs. Autonomous invocation is allowed by default (platform normal) but not elevated here.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.1.02026/3/28
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install soul-undead
镜像加速npx clawhub@latest install soul-undead --registry https://cn.longxiaskill.com