首页 / 技能 / t — 智能技能推荐

📦 t — 智能技能推荐

v1.0.0

当用户提问“怎么做X”“找能做X的技能”“有没有技能可以…”等需求时,自动理解意图并推荐可安装的 agent 技能,帮助快速找到合适工具。

0· 189·0 当前·0 累计
rainsakurawetc 头像by @rainsakurawetc (RainSakuraWetc)
智能体网络工具
下载技能包
最后更新
2026/4/21
0
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
可疑
medium confidence
NULL
评估建议
This skill is coherent — it helps find and install other skills — but it instructs the agent to fetch and install third‑party code (via npx) and even recommends skipping confirmations and installing globally. Before enabling or letting the agent run this skill autonomously: 1) Prefer manual review of search results and the target skill's GitHub page on skills.sh before installing. 2) Avoid using the '-y' flag or global installs; require explicit user confirmation for any 'npx skills add' operati...
详细分析 ▾
用途与能力
The name/description and the runtime instructions consistently describe a 'find and install skills' helper that uses the Skills CLI (npx skills). There are no unrelated required env vars, binaries, or config paths.
指令范围
The SKILL.md directs the agent to run npx skills find/add commands and to install skills with 'npx skills add <owner/repo@skill> -g -y'. That instructs fetching and executing third‑party code and explicitly recommends skipping user confirmation (-y) and installing globally (-g). While these steps are functionally required for installing skills, recommending bypassing prompts and global installs broadens the scope and risk of actions the agent will take.
安装机制
This is an instruction-only skill (no install spec). It relies on npx to fetch packages from public registries/GitHub, which is a common but moderate-risk mechanism because it executes remote code. The SKILL.md points to skills.sh (a central index) — that is expected and preferable to arbitrary personal URLs.
凭证需求
The skill requests no environment variables, credentials, or config paths. However, the recommended global installs (-g) will modify the user's environment, which is an expected but impactful side effect of the skill's purpose.
持久化与权限
The skill is not marked 'always: true', but platform defaults allow autonomous invocation (disable-model-invocation: false). Combined with explicit instructions to run 'npx skills add ... -g -y', an autonomously invoked agent could install arbitrary third‑party code without additional user confirmation. That increases blast radius and warrants caution.
安全有层次,运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/19

NULL

可疑

安装命令

点击复制
官方npx clawhub@latest install t
镜像加速npx clawhub@latest install t --registry https://cn.longxiaskill.com
数据来源ClawHub ↗ · 中文优化:龙虾技能库