📦 Dirs Submit — 目录提交工具
v1.0.2CLI 包装 aidirs.org 与 backlinkdirs.com 提交 API,一键登录、提交 URL、预览站点元数据,自动化完成目录站收录。
0· 71·1 当前·1 累计
by 下载技能包
最后更新
2026/4/3
安全扫描
OpenClaw
安全
medium confidenceThe skill's declared purpose (wrapping aidirs.org/backlinkdirs.com via the ship CLI) matches its instructions and requirements; it reads/writes a local config file and can download release assets for self-update — reasonable for this tool but with expected risks around installing and updating code from the network.
评估建议
This skill appears to do what it says: it wraps the ship CLI to log in (browser OAuth), store tokens in ~/.config/ship/config.json, submit/fetch URLs, and self-update from GitHub releases. Before installing or using it, inspect any install script (the README suggests curl | bash from raw.githubusercontent.com) and the release assets the tool downloads for updates. Be aware the tool will store bearer tokens on disk and can replace its own executable during self-update — if you run the installer o...详细分析 ▾
✓ 用途与能力
The skill claims to wrap two directory submission APIs and the instructions only reference the ship CLI, the two sites (aidirs.org and backlinkdirs.com), local token storage, and API endpoints for submit/fetch. There are no unrelated credentials, binaries, or paths requested.
ℹ 指令范围
SKILL.md directs the agent to run the ship CLI, open a browser for OAuth-style login, start a localhost callback to receive tokens, and read/write ~/.config/ship/config.json. It also instructs checking GitHub releases and performing self-update downloads. These actions are within scope for a CLI that logs in, stores tokens, submits URLs, previews metadata, and self-updates — but reading/writing the token config and fetching remote release assets are notable behaviors the user should be aware of.
ℹ 安装机制
The registry entry has no formal install spec (instruction-only), but README suggests installing via a curl | bash installer hosted on raw.githubusercontent.com and README/self-update behavior relies on GitHub release assets. Fetching scripts or binaries from GitHub releases is common, but it is a network-download install method (moderate risk). There is no evidence of obscure or malicious hosts in the provided text.
✓ 凭证需求
No required environment variables are declared. The skill documents optional fallbacks (DIRS_TOKEN and DIRS_BASE_URL) which are appropriate for a CLI that can use either stored tokens or env-provided token/base URL. The only config path is ~/.config/ship/config.json where tokens are stored; this is proportionate to the stated purpose.
ℹ 持久化与权限
always:false (normal). The CLI will persist tokens to ~/.config/ship/config.json and supports a self-update that replaces the local executable with a downloaded release asset. Persisting its own config is expected; self-updating (replacing the binary) is functionally coherent but raises the usual caution: downloaded update code executes with the user's privileges.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.22026/4/3
Repository sync release
● 可疑
安装命令
点击复制官方npx clawhub@latest install dirs-submit
镜像加速npx clawhub@latest install dirs-submit --registry https://cn.longxiaskill.com