Template Snippet Switchboard
v1.0.0管理常用模板和片段,按场景、角色、语气、长度切换并维护版本。;use for templates, snippets, writing workflows;do not use for 塞入未经审校的敏感话术, 替代版本管理系统.
⭐ 0· 77·0 current·0 all-time
byvx:17605205782@52yuanchangxing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, included resources (spec.json, template.md, examples) and the Python script all implement local template/snippet management and lightweight audits. Declared requirement (python3) matches the included script; nothing required by the skill appears unrelated to its stated purpose.
Instruction Scope
SKILL.md instructs the agent to either produce outputs from bundled templates or run scripts/run.py locally. The script intentionally reads files and directories (for directory/csv/skill audits) and will inspect many text file types; this is expected for an audit tool but means the agent/script can read arbitrary user-specified paths. The skill's frontmatter and README call out safety boundaries, but users/agents should avoid passing sensitive system paths as --input.
Install Mechanism
No install spec; instruction-only plus a local Python script. No network downloads or external package installs are performed by the skill bundle.
Credentials
The skill requires no environment variables or credentials. It does not request unrelated secrets or tokens. The script does parse files for 'secret-like' patterns (for auditing), which is appropriate for its purpose.
Persistence & Privilege
always:false and no indication the skill modifies other skills or writes persistent agent-wide configuration. The agent may invoke the skill (default platform behavior); this is expected for an autonomous skill and is not, by itself, a concern here.
Scan Findings in Context
[curl_pipe_bash] expected: The script includes a regex to detect 'curl | bash' patterns in scanned files. This is an audit pattern and is expected for a local scanner.
[dangerous_rm] expected: The 'rm -rf' danger pattern is included in the PATTERNS table to flag destructive commands during audits; expected for a scanning tool.
[base64_exec] expected: Detection of base64-decode piped to interpreters is present to find obfuscated execs in scanned files; appropriate for auditing.
[secret_like] expected: There is a secret-like regex; the script masks matched secrets in its pattern_report output. This is expected for an audit-oriented skill.
[private_url] expected: Detection of private/internal URL patterns is used by the scanner to identify potentially sensitive references in files; appropriate for the skill's auditing features.
Assessment
This skill is coherent and appears safe for local template management and lightweight audits, but exercise caution when running its script: do not point --input at system-wide or home directories containing secrets (e.g., /, /home, ~/.ssh, credential/config dirs) unless you intend a full audit. The script reads many file types and may surface sensitive text; pattern-based redaction is limited (only applied in the pattern_report path). If you plan to let an autonomous agent run this skill, restrict its allowed input paths or require explicit user confirmation before executing the script. For highest safety, review scripts/run.py locally yourself and run with --dry-run and sample directories first.Like a lobster shell, security has layers — review code before you run it.
latestvk976fasrcjhjv7gqm0bc6tr9as83fsb9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧱 Clawdis
OSmacOS · Linux · Windows
Binspython3