원클릭으로 Manus에서 모든 스킬 실행

시작하기

skill-vetter

面向 AI Agent 的安全优先技能审查工具。在从 ClawdHub、GitHub 或其他来源安装任何技能之前使用，检查危险标志、权限范围和可疑模式。

Manus에서 실행

개요

面向 AI Agent 的安全优先技能审查工具。在从 ClawdHub、GitHub 或其他来源安装任何技能之前使用，检查危险标志、权限范围和可疑模式。

설치 명령

npx skills add https://github.com/alter123-zz/RaccoonClaw --skill skill-vetter

이 명령을 Claude Code에 복사하여 붙여넣어 스킬을 설치하세요

출처

alter123-zz/RaccoonClaw

스타18

포크6

업데이트2026년 4월 2일 05:17

파일 탐색기

2 개 파일

SKILL.md

readonly

name	skill-vetter
version	1.0.0
description	面向 AI Agent 的安全优先技能审查工具。在从 ClawdHub、GitHub 或其他来源安装任何技能之前使用，检查危险标志、权限范围和可疑模式。
metadata	{"openclaw":{"emoji":"🔒"}}

Skill Vetter 🔒

Security-first vetting protocol for AI agent skills. Never install a skill without vetting it first.

When to Use

Before installing any skill from ClawdHub
Before running skills from GitHub repos
When evaluating skills shared by other agents
Anytime you're asked to install unknown code

Vetting Protocol

Step 1: Source Check

Questions to answer:
- [ ] Where did this skill come from?
- [ ] Is the author known/reputable?
- [ ] How many downloads/stars does it have?
- [ ] When was it last updated?
- [ ] Are there reviews from other agents?

Step 2: Code Review (MANDATORY)

Read ALL files in the skill. Check for these RED FLAGS:

🚨 REJECT IMMEDIATELY IF YOU SEE:
─────────────────────────────────────────
• curl/wget to unknown URLs
• Sends data to external servers
• Requests credentials/tokens/API keys
• Reads ~/.ssh, ~/.aws, ~/.config without clear reason
• Accesses MEMORY.md, USER.md, SOUL.md, IDENTITY.md
• Uses base64 decode on anything
• Uses eval() or exec() with external input
• Modifies system files outside workspace
• Installs packages without listing them
• Network calls to IPs instead of domains
• Obfuscated code (compressed, encoded, minified)
• Requests elevated/sudo permissions
• Accesses browser cookies/sessions
• Touches credential files
─────────────────────────────────────────

Step 3: Permission Scope

Evaluate:
- [ ] What files does it need to read?
- [ ] What files does it need to write?
- [ ] What commands does it run?
- [ ] Does it need network access? To where?
- [ ] Is the scope minimal for its stated purpose?

Step 4: Risk Classification

Risk Level	Examples	Action
🟢 LOW	Notes, weather, formatting	Basic review, install OK
🟡 MEDIUM	File ops, browser, APIs	Full code review required
🔴 HIGH	Credentials, trading, system	Human approval required
⛔ EXTREME	Security configs, root access	Do NOT install

Output Format

After vetting, produce this report:

SKILL VETTING REPORT
═══════════════════════════════════════
Skill: [name]
Source: [ClawdHub / GitHub / other]
Author: [username]
Version: [version]
───────────────────────────────────────
METRICS:
• Downloads/Stars: [count]
• Last Updated: [date]
• Files Reviewed: [count]
───────────────────────────────────────
RED FLAGS: [None / List them]

PERMISSIONS NEEDED:
• Files: [list or "None"]
• Network: [list or "None"]  
• Commands: [list or "None"]
───────────────────────────────────────
RISK LEVEL: [🟢 LOW / 🟡 MEDIUM / 🔴 HIGH / ⛔ EXTREME]

VERDICT: [✅ SAFE TO INSTALL / ⚠️ INSTALL WITH CAUTION / ❌ DO NOT INSTALL]

NOTES: [Any observations]
═══════════════════════════════════════

Quick Vet Commands

For GitHub-hosted skills:

# Check repo stats
curl -s "https://api.github.com/repos/OWNER/REPO" | jq '{stars: .stargazers_count, forks: .forks_count, updated: .updated_at}'

# List skill files
curl -s "https://api.github.com/repos/OWNER/REPO/contents/skills/SKILL_NAME" | jq '.[].name'

# Fetch and review SKILL.md
curl -s "https://raw.githubusercontent.com/OWNER/REPO/main/skills/SKILL_NAME/SKILL.md"

Trust Hierarchy

Official OpenClaw skills → Lower scrutiny (still review)
High-star repos (1000+) → Moderate scrutiny
Known authors → Moderate scrutiny
New/unknown sources → Maximum scrutiny
Skills requesting credentials → Human approval always

Remember

No skill is worth compromising security
When in doubt, don't install
Ask your human for high-risk decisions
Document what you vet for future reference

Paranoia is a feature. 🔒🦀

이 저장소의 다른 Skills

같은 저장소

agent-mbti

alter123-zz/RaccoonClaw

AI Agent personality diagnosis and configuration system based on MBTI framework. Use when users want to (1) test/diagnose an Agent's personality type, (2) understand the gap between Agent's actual personality and user's desired personality, (3) generate configuration recommendations to adjust Agent behavior, (4) customize Agent's communication style, proactivity, reasoning approach, or execution patterns. Supports both free tier (quick assessment) and premium tier (full 93-question assessment with detailed diagnostics).

2026-04-0218

cantian-bazi

alter123-zz/RaccoonClaw

八字排盘与农历/干支日期查询技能。用于用户请求“算八字”“四柱排盘”“阳历/农历时间转八字”“查询某天农历或干支日期”“查黄历/宜忌”等场景；关键词包括：八字、四柱、命理、阳历转八字、农历转八字、黄历、宜忌、干支日期、农历日期。 / Bazi charting and Chinese calendar conversion skill. Use for requests like “calculate my Bazi”, “Four Pillars chart”, “convert solar/lunar datetime to Bazi”, “check Chinese almanac (huangli)”, or “check auspicious/inauspicious activities (yi-ji) for a date”; keywords include: Bazi, Four Pillars, solar-to-Bazi, lunar-to-Bazi, Chinese calendar, Chinese almanac (huangli), yi-ji, heavenly stems and earthly branches.

2026-04-0218

find-skills

alter123-zz/RaccoonClaw

帮助用户发现和安装 Agent 技能。当用户提出类似"我怎么做 X"、"找一个能做 X 的技能"、"有没有可以……的技能"等问题，或表达出扩展功能的需求时触发。当用户寻找的功能可能以可安装技能的形式存在时，应使用此技能。

2026-04-0218

humanize-ai-text

alter123-zz/RaccoonClaw

AI 生成文本人性化改写。将 ChatGPT、Claude、GPT 等生成的内容改写为自然流畅的表达，可通过 GPTZero、Turnitin、Originality.ai 等 AI 检测工具。基于维基百科"AI 写作特征"指南，让机械化的 AI 文本变得自然且不可检测。

2026-04-0218

imap-smtp-email

alter123-zz/RaccoonClaw

通过 IMAP/SMTP 收发邮件。支持查看新邮件/未读邮件、获取邮件内容、搜索邮箱、标记已读/未读，以及发送带附件的邮件。兼容所有 IMAP/SMTP 邮件服务器，包括 Gmail、Outlook、163.com、vip.163.com、126.com、vip.126.com、188.com 和 vip.188.com。

2026-04-0218

multi-search-engine

alter123-zz/RaccoonClaw

多搜索引擎聚合，集成 17 个引擎（8 个国内 + 9 个国际）。支持高级搜索语法、时间筛选、站内搜索、隐私引擎和 WolframAlpha 知识查询。无需 API 密钥。

2026-04-0218

출처

alter123-zz

alter123-zz/RaccoonClaw

GitHub 저장소 열기 Creator 저장소 보기

설치 명령

다운로드

Manus에서 실행

유용한 대상SOC

소프트웨어 품질 보증 분석가·테스터컴퓨터 및 수학직15-1253L4

name	skill-vetter
version	1.0.0
description	面向 AI Agent 的安全优先技能审查工具。在从 ClawdHub、GitHub 或其他来源安装任何技能之前使用，检查危险标志、权限范围和可疑模式。
metadata	{"openclaw":{"emoji":"🔒"}}

Skill Vetter 🔒

Security-first vetting protocol for AI agent skills. Never install a skill without vetting it first.

When to Use

Before installing any skill from ClawdHub
Before running skills from GitHub repos
When evaluating skills shared by other agents
Anytime you're asked to install unknown code

Vetting Protocol

Step 1: Source Check

Questions to answer:
- [ ] Where did this skill come from?
- [ ] Is the author known/reputable?
- [ ] How many downloads/stars does it have?
- [ ] When was it last updated?
- [ ] Are there reviews from other agents?

Step 2: Code Review (MANDATORY)

Read ALL files in the skill. Check for these RED FLAGS:

🚨 REJECT IMMEDIATELY IF YOU SEE:
─────────────────────────────────────────
• curl/wget to unknown URLs
• Sends data to external servers
• Requests credentials/tokens/API keys
• Reads ~/.ssh, ~/.aws, ~/.config without clear reason
• Accesses MEMORY.md, USER.md, SOUL.md, IDENTITY.md
• Uses base64 decode on anything
• Uses eval() or exec() with external input
• Modifies system files outside workspace
• Installs packages without listing them
• Network calls to IPs instead of domains
• Obfuscated code (compressed, encoded, minified)
• Requests elevated/sudo permissions
• Accesses browser cookies/sessions
• Touches credential files
─────────────────────────────────────────

Step 3: Permission Scope

Evaluate:
- [ ] What files does it need to read?
- [ ] What files does it need to write?
- [ ] What commands does it run?
- [ ] Does it need network access? To where?
- [ ] Is the scope minimal for its stated purpose?

Step 4: Risk Classification

Risk Level	Examples	Action
🟢 LOW	Notes, weather, formatting	Basic review, install OK
🟡 MEDIUM	File ops, browser, APIs	Full code review required
🔴 HIGH	Credentials, trading, system	Human approval required
⛔ EXTREME	Security configs, root access	Do NOT install

Output Format

After vetting, produce this report:

SKILL VETTING REPORT
═══════════════════════════════════════
Skill: [name]
Source: [ClawdHub / GitHub / other]
Author: [username]
Version: [version]
───────────────────────────────────────
METRICS:
• Downloads/Stars: [count]
• Last Updated: [date]
• Files Reviewed: [count]
───────────────────────────────────────
RED FLAGS: [None / List them]

PERMISSIONS NEEDED:
• Files: [list or "None"]
• Network: [list or "None"]  
• Commands: [list or "None"]
───────────────────────────────────────
RISK LEVEL: [🟢 LOW / 🟡 MEDIUM / 🔴 HIGH / ⛔ EXTREME]

VERDICT: [✅ SAFE TO INSTALL / ⚠️ INSTALL WITH CAUTION / ❌ DO NOT INSTALL]

NOTES: [Any observations]
═══════════════════════════════════════

Quick Vet Commands

For GitHub-hosted skills:

# Check repo stats
curl -s "https://api.github.com/repos/OWNER/REPO" | jq '{stars: .stargazers_count, forks: .forks_count, updated: .updated_at}'

# List skill files
curl -s "https://api.github.com/repos/OWNER/REPO/contents/skills/SKILL_NAME" | jq '.[].name'

# Fetch and review SKILL.md
curl -s "https://raw.githubusercontent.com/OWNER/REPO/main/skills/SKILL_NAME/SKILL.md"

Trust Hierarchy

Official OpenClaw skills → Lower scrutiny (still review)
High-star repos (1000+) → Moderate scrutiny
Known authors → Moderate scrutiny
New/unknown sources → Maximum scrutiny
Skills requesting credentials → Human approval always

Remember

No skill is worth compromising security
When in doubt, don't install
Ask your human for high-risk decisions
Document what you vet for future reference

Paranoia is a feature. 🔒🦀