by 安全扫描
OpenClaw
安全
high confidenceThe skill is internally consistent with its stated purpose (an adversarial cross‑model review orchestration): it requires no unrelated credentials or installs, and its instructions and helper script align with the described autonomous review loop — but it intentionally sends user-provided plan content to external models, so the user must avoid embedding secrets or PII.
评估建议
This skill appears to do what it says: it orchestrates an adversarial review loop between two different models and includes on-disk helpers and templates. Before installing or running it, consider the following: (1) Do NOT include secrets, credentials, or PII in plan content or codebase context — those are sent to third-party model APIs. (2) Prefer static/human‑mediated mode for sensitive plans (alternating mode is fully autonomous). (3) Ensure the platform's sessions_spawn uses trusted provider...详细分析 ▾
✓ 用途与能力
Name/description, CLI, templates, and scripts all implement an adversarial cross-model review loop (static and alternating modes). The included Node.js helper (scripts/review.js) manages workspaces, parsing, dedup, and verdicts — this is expected and proportionate to the skill's purpose. There are no unrelated env vars, binaries, or surprising external services requested.
ℹ 指令范围
SKILL.md instructs the agent to spawn reviewer/writer sub-agents (sessions_spawn) and to save/parse JSON responses; templates explicitly wrap plan content in UNTRUSTED delimiters and require structured JSON output. This stays within the review orchestration scope, but the skill necessarily transmits plan content to third‑party models and relies on instruction-level sandboxing to mitigate prompt injection. The SKILL.md acknowledges that this is a prompt-level protection (not an API-level isolation) and warns of limitations.
✓ 安装机制
No install spec; skill is instruction-first and ships helper scripts and tests that run under Node.js >=18. No downloads from external URLs or package-install steps. The codebase claims zero external dependencies and uses only Node stdlib. This is a low-risk install footprint.
✓ 凭证需求
The skill declares no required environment variables or credentials. It does assume the platform's sessions_spawn mechanism will provide model access (so the platform will use whatever model/provider credentials it normally has). The absence of required secrets is appropriate; however, users must not include secrets/PII in plan or codebase_context because those values will be sent to external model APIs.
✓ 持久化与权限
always:false and no special privileges. The skill writes run artifacts only to a workspace directory supplied at init (user-controlled path). It does not request system-wide changes or modify other skills' configurations.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv2.1.02026/2/21
Round 0 criteria negotiation: Model A proposes 5 task-specific acceptance criteria, Model B challenges/refines. Agreed criteria injected into all reviewer prompts. New command: save-criteria. Backward compatible.
● 无害
安装命令
点击复制官方npx clawhub@latest install cross-model-review
镜像加速npx clawhub@latest install cross-model-review --registry https://cn.longxiaskill.com