by 安全扫描
OpenClaw
安全
high confidenceThis is an instruction-only documentation-testing skill that is internally consistent with its stated purpose and requests no unusual permissions, but avoid pasting secrets into docs and note the publisher is unknown.
评估建议
This skill appears to do what it says: spawn a fresh tester agent and report documentation gaps. Before using it: (1) do not paste secrets, credentials, or private config into the documentation you test — those will be visible to the spawned agent and may be logged; (2) confirm your platform's sessions_spawn behavior and logs/retention so you know who can read tester outputs; (3) because the package metadata lacks a homepage/source, prefer running it on non-production, sandboxed content first to...详细分析 ▾
✓ 用途与能力
The files (SKILL.md, TESTER.md, GAPS.md) describe a doc-testing methodology and the runtime instructions are limited to spawning a fresh tester agent with provided documentation. The skill declares no environment variables, binaries, config paths, or install steps — everything requested is proportional to the stated purpose. The only minor metadata oddity is there is no human-friendly description/homepage and the source is 'unknown', which reduces provenance but doesn't contradict purpose.
✓ 指令范围
The SKILL.md and TESTER.md instruct the agent to run sessions_spawn with the TESTER prompt and only use the provided docs. They do not direct the agent to read local files, system environment variables, or contact external endpoints beyond the platform's session API. One operational caution: any documentation you paste into the tester will be visible to the spawned agent (and may be logged by the platform), so do not include secrets or sensitive configuration in the docs you submit.
✓ 安装机制
There is no install specification and no code files to execute; this is an instruction-only skill, which is the lowest-risk install model.
✓ 凭证需求
The skill requests no environment variables, credentials, or config paths. This is appropriate for a documentation-testing tool. The only proportionality consideration is user-supplied content: docs given to the tester should not contain secrets or private keys.
✓ 持久化与权限
The skill does not request persistent presence (always: false) and uses normal autonomous invocation (disable-model-invocation: false), which is expected for a utility skill. It does not attempt to modify other skills or system-wide settings.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/2/8
Initial release
● 无害
安装命令 点击复制
官方npx clawhub@latest install rtfm-testing
镜像加速npx clawhub@latest install rtfm-testing --registry https://cn.clawhub-mirror.com
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制