Support Macro Crafter
v1.0.0批量生成客服回复模板,统一同理句、行动句、边界句与升级提示。;use for support, macros, customer-service workflows;do not use for 承诺做不到的事情, 输出攻击性文案.
⭐ 0· 74·0 current·0 all-time
byvx:17605205782@52yuanchangxing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the files and behavior: resources/spec.json, template.md, examples, and scripts/run.py implement structured template generation and lightweight local auditing. Requesting only python3 is proportionate.
Instruction Scope
SKILL.md keeps scope to generating templates and suggests running the included script for local processing. The script, when invoked, can read a provided file or scan a provided directory (it will enumerate and sample many common text/code file types). This is consistent with the skill's directory-audit and pattern-audit modes, but you should not feed it paths containing secrets or sensitive system areas.
Install Mechanism
No install spec or remote downloads; it's instruction-only with a bundled Python script and relies only on the system python3 binary and the standard library.
Credentials
No environment variables, credentials, or external config paths are required. The script contains regexes to detect secret-like strings and dangerous patterns (for auditing), but it does not exfiltrate data or contact external endpoints.
Persistence & Privilege
always is false, the skill does not request permanent presence or modify other skills. It only executes local scripts when explicitly invoked.
Scan Findings in Context
[curl_pipe_bash] expected: The run.py contains a pattern to detect 'curl ... | bash' occurrences as part of its audit/pattern checks. This is a scanner rule present to identify risky content, not an indication the skill executes such commands.
[dangerous_rm] expected: run.py searches for dangerous 'rm -rf' usages in scanned text files; this is appropriate for a local audit tool.
[base64_exec] expected: run.py includes a pattern to detect base64-decoded piped execution, used to flag suspicious content while auditing user-provided files.
[secret_like] expected: run.py looks for secret-like strings and redacts part of matches in its reporting. This is expected for a tool that audits files for sensitive content.
[private_url] expected: run.py includes a pattern to detect references to internal/private URLs. This is reasonable for directory/pattern auditing.
Assessment
This skill appears to do what it claims and is local-only, but be careful about what you pass as the script input: the bundled script will read and sample files from any file or directory path you give it (including .md, .py, .sh, .json, csv, etc.). Do not point it at system roots or folders containing credentials or sensitive data. Review all generated templates before publishing or automating any external writes. If you plan to allow an agent to autonomously run the script, restrict the input paths the agent can use and avoid granting access to directories with secrets or production configs.Like a lobster shell, security has layers — review code before you run it.
latestvk979862g6a370eg2sxwftz60gs83fnc5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
💬 Clawdis
OSmacOS · Linux · Windows
Binspython3