首页龙虾技能列表 › nginx-explorer

nginx-explorer

v1.0.0

Explore nginx-proxied directories to discover tools and utilities. Use when: user asks to explore available tools, find utilities for specific tasks, or when...

0· 118·0 当前·0 累计
by @shaojun0·MIT-0
下载技能包
License
MIT-0
最后更新
2026/4/14
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
可疑
medium confidence
The skill's declared purpose (discover tools behind an nginx index) matches its instructions, but it instructs the agent to download and execute arbitrary code from the configured server while omitting some runtime dependency declarations and safeguards — this combination is risky and inconsistent in places.
评估建议
This skill does what it says (discover and use tools on an nginx index), but it also instructs the agent to download and execute arbitrary code from the configured server — a high-risk operation if the server or its contents are not fully trusted. Before enabling or running this skill: - Only point NGINX_URL at servers you fully trust (ideally internal, isolated hosts). Do not use public or untrusted servers. - Require manual confirmation before any download+execute step (the skill currently d...
详细分析 ▾
用途与能力
The skill is described as an nginx directory explorer and the required primaryEnv (NGINX_URL) and curl binary match that purpose. However, the SKILL.md and README show workflows that download and execute Python scripts and install pip requirements, yet the skill does not declare Python, pip, or other runtime binaries as required. That mismatch (declared requirements too narrow for described behavior) is an incoherence to be aware of.
指令范围
Runtime instructions explicitly tell the agent to enumerate directories, read README.md files, download arbitrary files (scripts/archives), run pip install -r requirements.txt, chmod +x and execute downloaded tools. Those actions permit arbitrary remote code execution and potential data exfiltration or lateral movement. The instructions lack explicit, enforced safeguards (user confirmation, sandboxing, integrity checks, allowlists) and are broad enough to let an agent autonomously fetch and run untrusted code.
安装机制
This is an instruction-only skill with no install spec and no code files to run at install time, which minimizes install-time risk. There is nothing being downloaded or installed by the installer itself.
凭证需求
The only required environment variable declared is NGINX_URL (plus optional NGINX_SKIP_SSL_VERIFY). That is appropriate for discovery. However, the skill’s instructions assume other capabilities (python, pip, write access to /tmp or a downloadDir) but do not declare them as required — this under-declaration reduces transparency and may cause unexpected runtime behavior or privilege use.
持久化与权限
The skill does not request always:true and is user-invocable only. That is appropriate and avoids forced inclusion. One important note: because the platform allows autonomous invocation by default, the combination of autonomous invocation plus the skill's ability to fetch and execute remote code increases the operational risk if the agent is permitted to call the skill without human oversight.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/18

- Initial release of nginx-explorer skill. - Enables exploration of nginx-proxied directory structures to discover available tools and utilities. - Fetches directory listings and reads README.md files in each directory for tool descriptions and usage instructions. - Requires configuration of the base nginx URL; supports optional SSL verification skipping for internal/self-signed environments. - Integrates with OpenClaw workflows to aid in tool discovery and selection when conventional solutions fail. - Provides bash workflow examples for discovering, searching, downloading, and running tools from the nginx-served directories.

● 可疑

安装命令 点击复制

官方npx clawhub@latest install nginx-explorer
镜像加速npx clawhub@latest install nginx-explorer --registry https://cn.clawhub-mirror.com

技能文档

Explore directories served by nginx to discover tools, utilities, and executable projects. Each main directory contains a README.md file that explains what's available and how to use it.

Configuration

This skill requires one environment variable:

  • NGINX_URL: The base URL of the nginx server (e.g., http://192.168.1.100:8080 or http://internal-tools.local)

Optional environment variable:

  • NGINX_SKIP_SSL_VERIFY: Set to true to skip SSL certificate verification (useful for internal networks with self-signed certificates). Default is true.

Configure in ~/.openclaw/openclaw.json: 

{
  skills: {
    entries: {
      "nginx-explorer": {
        enabled: true,
        env: {
          NGINX_URL: "http://your-nginx-server:port",
          NGINX_SKIP_SSL_VERIFY: "true"  // Optional: skip SSL verification for internal networks
        }
      }
    }
  }
}

When to Use

USE this skill when:

  • User asks "what tools are available?" or "explore the nginx directory"
  • OpenClaw needs to find utilities for specific tasks
  • User wants to discover executable projects in the nginx-proxied structure
  • When conventional approaches fail and exploring available tools might help

DON'T use this skill when:

  • Direct file access is available (use normal file operations instead)
  • The nginx URL is not configured
  • Simple file downloads are needed (use curl/wget directly)

Configuration

The skill requires one configuration item:

  • NGINX_URL: The base URL of the nginx server (e.g., http://192.168.1.100:8080 or http://internal-tools.local)

How It Works

  • Directory Discovery: Fetches the nginx directory listing (HTML)
  • README Reading: For each directory, reads the README.md file to understand contents
  • Tool Identification: Identifies executable projects and their usage instructions
  • Download & Execution: Can download tools locally and run them as needed

Basic Usage

1. Configure the nginx URL

First, set the nginx URL in your environment or workspace:

# Set as environment variable
export NGINX_URL="http://192.168.1.100:8080"
# Or store in workspace config
echo '{"nginx_url": "http://192.168.1.100:8080"}' > /home/node/.openclaw/workspace/nginx-config.json

2. Explore the Directory Structure

# Fetch directory listing
curl -s "$NGINX_URL/" | grep -o 'href="[^"]"' | grep -v '^href="\.' | cut -d'"' -f2

3. Read README Files

For each discovered directory:

# Check if README.md exists
curl -s -I "$NGINX_URL/tool-directory/README.md" | head -1 | grep "200"
# Read the README
curl -s "$NGINX_URL/tool-directory/README.md"

4. Download and Execute Tools

When a useful tool is found:

# Download the tool (assuming it's a script or archive)
curl -o /tmp/tool.sh "$NGINX_URL/tool-directory/tool.sh"
# Make executable if needed
chmod +x /tmp/tool.sh
# Run according to README instructions
/tmp/tool.sh --help

Workflow Examples

Example 1: Discovering Available Tools

#!/bin/bash
NGINX_URL="http://192.168.1.100:8080"
# Get all directories
echo "Exploring $NGINX_URL..."
DIRS=$(curl -s "$NGINX_URL/" | grep -o 'href="[^"]/"' | grep -v '^href="\.' | cut -d'"' -f2 | sed 's|/$||')
for dir in $DIRS; do
    echo "=== $dir ==="
    # Try to read README
    README=$(curl -s "$NGINX_URL/$dir/README.md" 2>/dev/null)
    if [ -n "$README" ]; then
        echo "$README" | head -5
    else
        echo "No README found"
    fi
    echo
done

Example 2: Finding a Specific Type of Tool

#!/bin/bash
NGINX_URL="http://192.168.1.100:8080"
# Search for tools related to "data processing"
echo "Searching for data processing tools..."
DIRS=$(curl -s "$NGINX_URL/" | grep -o 'href="[^"]/"' | grep -v '^href="\.' | cut -d'"' -f2 | sed 's|/$||')
for dir in $DIRS; do
    README=$(curl -s "$NGINX_URL/$dir/README.md" 2>/dev/null)
    if echo "$README" | grep -qi "data.process\|csv\|json\|transform"; then
        echo "Found in $dir:"
        echo "$README" | grep -i "data.*process\|csv\|json\|transform" | head -3
        echo "---"
    fi
done

Example 3: Downloading and Running a Tool

#!/bin/bash
NGINX_URL="http://192.168.1.100:8080"
TOOL_DIR="data-processor"
# Read instructions
README=$(curl -s "$NGINX_URL/$TOOL_DIR/README.md")
echo "Tool instructions:"
echo "$README"
# Download main script
curl -o /tmp/processor.py "$NGINX_URL/$TOOL_DIR/processor.py"
# Download dependencies if mentioned
if echo "$README" | grep -q "requirements.txt"; then
    curl -o /tmp/requirements.txt "$NGINX_URL/$TOOL_DIR/requirements.txt"
    pip install -r /tmp/requirements.txt
fi
# Run the tool
python /tmp/processor.py --help

Integration with OpenClaw Decision Making

This skill is designed to be used when OpenClaw encounters difficult problems. The workflow:

  • Problem Assessment: Determine if conventional approaches are failing
  • Tool Exploration: Use this skill to explore available utilities
  • Tool Selection: Identify tools that might help with the specific problem
  • Tool Application: Download and use the selected tool

Decision Flow

User Request → Can OpenClaw solve it directly? → Yes → Solve directly
                               ↓
                               No
                               ↓
                    Explore nginx directory
                               ↓
                    Read README files
                               ↓
              Find relevant tools/utilities
                               ↓
            Download and apply tool to problem

Error Handling

  • Connection Issues: Check if nginx URL is correct and accessible
  • Missing README: Some directories may not have README.md files
  • Broken Links: Verify tool files exist before downloading
  • Execution Failures: Check dependencies and permissions

Best Practices

  • Cache Discoveries: Store directory listings to avoid repeated requests
  • Validate Tools: Test tools in isolated environment before use
  • Clean Up: Remove downloaded files after use
  • Document Findings: Update workspace notes with useful tools discovered

Example README Structure

Tools in the nginx directory should follow this README format:

# Tool Name
Purpose

Brief description of what this tool does.
Usage
bash ./tool.sh [options] 


Dependencies


  • Python 3.8+
    • 

  • Required packages: requests, pandas
Examples
bash # Basic usage ./tool.sh --input data.csv --output results.json

# Advanced usage ./tool.sh --config config.yaml --verbose 



Notes

Any additional information or warnings.

Security Considerations

  • Only download from trusted nginx servers
  • Validate scripts before execution
  • Run in sandboxed environment when possible
  • Check for malicious code in downloaded files
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务