by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill appears to do exactly what it says: convert coordinates using the gcoord npm library. Before installing, ensure the agent environment has Node.js (index.js is invoked with `node`; package.json lists node >=16.11.0 in the dependency entry), and be prepared to run `npm install` (the package-lock references the npmmirror registry — a common mirror, but if you prefer the official registry you can run installation against registry.npmjs.org). There are no requested credentials or external ...详细分析 ▾
ℹ 用途与能力
Name/description match the included code: index.js implements coordinate conversions using the gcoord npm package. Minor mismatch: SKILL.md and metadata list no required binaries, but the runtime assumes node is available (index.js is invoked with `node`).
✓ 指令范围
SKILL.md confines runtime behavior to parsing user input, asking the user for missing parameters, and invoking the included index.js to perform conversions. It does not instruct reading unrelated files, sending data to external endpoints, or accessing environment secrets.
ℹ 安装机制
No install spec (instruction-only) and code files are included. package-lock.json references gcoord resolved from registry.npmmirror.com (an npm mirror). There are no download-from-arbitrary-URL installs or extract steps in the skill manifest.
✓ 凭证需求
The skill requests no environment variables, credentials, or config paths. The code likewise does not read env vars or secrets.
✓ 持久化与权限
always is false, the skill doesn't request persistent/system-wide changes, and it does not modify other skills or agent-wide configurations.
⚠ test/test.js:9
Shell command execution detected (child_process).
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.1.02026/3/23
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install gcoord
镜像加速npx clawhub@latest install gcoord --registry https://cn.longxiaskill.com镜像同步中