by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill is coherent for fetching and filtering Hacker News via the x-cmd tool. Before using it: (1) ensure x-cmd is installed from a source you trust; (2) inspect ~/.x-cmd.root/X before sourcing it (sourcing runs arbitrary code in your shell); (3) verify you have or install safe tools used by the examples (jq, sed, sort); (4) if you prefer to avoid sourcing a third-party init script, use the Hacker News API or hn.algolia.com directly or run equivalent commands only after reviewing x-cmd's ins...详细分析 ▾
✓ 用途与能力
Name/description (fetch and analyze Hacker News) match the instructions which call an x-cmd 'hn' command and use standard UNIX tools (jq/sed/sort). The declared file requirement (~/.x-cmd.root/X) aligns with the SKILL.md's explicit need to source the x-cmd environment.
ℹ 指令范围
Instructions are narrowly focused on fetching HN data and filtering it with x jq and standard shell tools. However, the skill requires you to source ~/.x-cmd.root/X before use — sourcing executes that file in your shell, so you must trust that file (and the x-cmd installation) because it can run arbitrary commands and affect your environment.
✓ 安装机制
No install spec or code files are included; this is instruction-only and does not download or install artifacts. Lower-risk in that nothing is written/executed by the skill itself, but it relies on an external tool (x-cmd) which must be obtained separately.
✓ 凭证需求
The skill requests no environment variables, credentials, or unrelated config paths. The single required path is the x-cmd initialization script which is reasonable for a wrapper that delegates work to x-cmd.
✓ 持久化与权限
The skill is not always-on and does not request elevated or persistent privileges. It does not modify other skills or system-wide settings per the provided content.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/27
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install x-hn
镜像加速npx clawhub@latest install x-hn --registry https://cn.longxiaskill.com镜像同步中