Input Validator — 技能工具
v1.0.0温和的输入验证器,检测网页/文件/消息中的恶意内容。支持危险内容阻止和可疑内容警告,不影响正常使用。
0· 316·0 当前·0 累计
by 安全扫描
OpenClaw
安全
high confidenceThis skill does what its name says — a small, Python-based input validator with no extra credentials or opaque installs — and the files and runtime instructions are consistent with that purpose.
评估建议
This skill is internally consistent and low-risk: it runs a local Python script that scans text with regexes and requires no credentials. Before installing, you may want to: (1) review or tune the regex lists — they may be over- or under-inclusive for your use case; (2) avoid enabling the optional 'self-reflection' grep lines that read /var/log if you do not want the agent reading system logs; and (3) remember this is a heuristic filter (not a sandbox) — it can warn/block obvious patterns but is...详细分析 ▾
✓ 用途与能力
Name/description match the included Python script and SKILL.md. The only required binary is python3 and the code implements pattern-based detection for dangerous/suspicious text, which aligns with the stated purpose.
ℹ 指令范围
Runtime instructions and integration examples stay within input validation (call validate_input on fetched/uploaded content). One SKILL.md snippet suggests adding self-reflection grep commands that read /var/log (optional telemetry lines); that touches system logs and is outside pure validation, so treat those parts as optional and review before enabling them.
✓ 安装机制
No install spec (instruction-only) and only a small Python script is included. Nothing is downloaded or extracted from remote URLs; low install risk.
✓ 凭证需求
No environment variables, credentials, or config paths are requested. The script's detection patterns include strings that look like credential requests (e.g., 'api.*key') but those are detection patterns, not requirements. Overall credential access is proportionate.
✓ 持久化与权限
always is false and the skill does not request persistent or elevated privileges or modify other skills. It does suggest optional integration snippets, but nothing forces persistent presence.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/2/28
Initial release of input-validator: a gentle input checking tool for web, file, and message security. - Detects obvious malicious content (deletion, downloads, reverse shells, privilege escalation, mining, etc.) and blocks it. - Warns about suspicious inputs (prompt injection, jailbreak, safety bypass attempts) without affecting normal use. - Fast checks (<50ms), low memory, and minimal false/negative rates. - Simple integration: command-line or Python function, agent- and skill-friendly. - Easy to customize rules and strictness for different use cases.
● 无害
安装命令 点击复制
官方npx clawhub@latest install input-validator
镜像加速npx clawhub@latest install input-validator --registry https://cn.clawhub-mirror.com
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制