by 安全扫描
OpenClaw
安全
medium confidenceNULL
评估建议
This skill appears to do what it says, but take these precautions before installing or using it:
- Understand the tool endpoints: the skill will call wiki_retriever, url_scraping, and multiple editor_call_* LLM tools. Confirm who operates those tools and where your document text will be sent (third-party LLMs or internal services).
- Avoid feeding sensitive documents: the skill mandates reading ALL attachments and scraping URLs found within them. If your attachments contain confidential data, do...详细分析 ▾
✓ 用途与能力
Name and description align with runtime instructions: the skill instructs the agent to read provided source documents/KB entries and produce edited content. The tools and steps (read documents, consult URLs, generate text, submit results) are coherent with an editing workflow.
ℹ 指令范围
The SKILL.md mandates reading ALL attached files, using a knowledge-base retriever when KB documents are referenced, identifying URLs inside those documents, and (if any URLs are found) scraping up to five URLs. It also instructs parallel calls to multiple LLM tools when the user requests multiple versions. These behaviors are reasonable for a thorough editor, but they broaden data exposure: attachments and their contents will be sent to the platform's tools and external scraping endpoints and multiple LLM backends may receive document content.
✓ 安装机制
Instruction-only skill with no install spec and no code files. Nothing is written to disk or installed by the skill itself.
✓ 凭证需求
No environment variables, credentials, or config paths are requested. However, the skill references many platform tools (wiki_retriever, url_scraping, several editor_call_* LLM tools, submit_result) that will receive document/text data at runtime — the skill does not require additional secrets itself, but using it will cause data to be transmitted to whatever backends implement those tools.
✓ 持久化与权限
always is false and there is no indication the skill modifies agent/system-wide settings or other skills. It does require calling platform tools but does not request permanent presence or elevated privileges.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.1.02026/2/15
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install chief-editor
镜像加速npx clawhub@latest install chief-editor --registry https://cn.longxiaskill.com