by 安全扫描
OpenClaw
安全
high confidenceThe skill's requested actions (scanning HTML files and making HTTP requests to links) match its description; no credentials, hidden endpoints, or obvious exfiltration are present, though there are small metadata/instruction mismatches and operational considerations to be aware of.
评估建议
This skill appears to do what it says: it reads HTML files and issues HTTP requests to test links. Before running: (1) be explicit about SITE_DIR when invoking (SKILL.md treats it as required even though the registry doesn't), (2) understand the script will make outbound requests to every discovered URL (which can be slow, generate traffic to third parties, or trigger rate limits), (3) set LINK_CHECK_TIMEOUT to a sensible value and consider running on a copy of your site if you want to avoid con...详细分析 ▾
✓ 用途与能力
Name/description (link checking, broken/redirect/slow/affiliate detection) aligns with the included scripts. The scripts only read HTML files and make HTTP requests to discovered links, which is coherent with the stated purpose.
ℹ 指令范围
Runtime instructions and scripts stay within scope: they search for *.html files, extract href values, and use curl to check link status. They do make outbound network requests to every discovered URL (following redirects with -L) — expected for a link checker but worth noting because it will contact arbitrary third-party servers found in the site content. Scripts skip mailto, anchors, and javascript: links. No instructions attempt to access unrelated system secrets or config.
✓ 安装机制
No install spec; scripts are included and executed directly. This is low-risk compared with remote downloads or package installs.
ℹ 凭证需求
SKILL.md documents an expected required environment variable (SITE_DIR) plus optional LINK_CHECK_TIMEOUT and AFFILIATE_DOMAINS, but the registry metadata lists no required env vars. The binaries declared (curl, python3) are appropriate, though the scripts also rely on standard POSIX utilities (find, grep, sed, mktemp, date, bc) which are typically present but not declared. No credentials or sensitive environment variables are requested.
✓ 持久化与权限
The skill does not request persistent/always-on privileges and does not modify other skills or system-wide settings. It runs on-demand and prints reports to stdout.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/26
Initial release of the link-checker skill: - Scans HTML files to find and validate all internal, external, and affiliate links. - Reports broken (4xx/5xx), redirected (3xx), and slow links (>5s response time). - Separates links by type and outputs a severity-sorted, markdown report. - Provides fast, full, and affiliate-focused scan scripts. - Includes configurable options for timeouts and affiliate domains via environment variables.
● 无害
安装命令
点击复制官方npx clawhub@latest install strd-link-checker
镜像加速npx clawhub@latest install strd-link-checker --registry https://cn.longxiaskill.com镜像同步中