clklog快速部署
v1.0.0帮助用户根据操作系统和需求选择 Docker 快速部署或源码部署,并提供官方文档指引完成 ClkLog 用户行为分析系统的搭建。
⭐ 0· 23·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description state deployment guidance for ClkLog and the skill's instructions, README, metadata, and small environment-check script match that purpose. Required tools (Docker, Maven, Java, Node.js) are appropriate for the described Docker/source deployment workflows.
Instruction Scope
SKILL.md instructs the agent to ask the user deployment-related questions, point to official docs, run a simple environment check, and clone/build the official repo. It does not instruct reading unrelated files or exfiltrating data. The guidance to edit docker-compose/.env for passwords is expected for deployment.
Install Mechanism
No install spec is present (instruction-only) and the included check_env.sh is a small, benign environment probe. External resources referenced are standard project URLs (clklog.com and GitHub). No downloads from untrusted shorteners or personal IPs are used.
Credentials
The skill requests no environment variables or credentials. It mentions configuring DB passwords in docker-compose (normal for deployment) but does not request or access unrelated secrets.
Persistence & Privilege
always is false and the skill does not request system-wide persistence or modify other skills. Autonomous invocation is allowed by default but is not combined with other red flags here.
Scan Findings in Context
[unicode-control-chars] unexpected: A prompt-injection detector flagged unicode control characters in SKILL.md. The visible content appears normal and coherent with deployment instructions, but hidden control characters can be used to obfuscate content. Recommend a quick sanity check (e.g., view raw bytes or remove control chars) before auto-executing instructions.
Assessment
This skill appears coherent for guiding ClkLog deployment. Before using it, confirm the official URLs (clklog.com, the GitHub repo) are correct and trustworthy, review any scripts you will run (check_env.sh is small and safe), and inspect the repository you clone before executing builds or starting services. Be aware ClkLog is AGPLv3—if you expose a modified/hosted service publicly you may need to open-source changes. Finally, because a detector flagged hidden unicode control characters in the SKILL.md, preview the raw SKILL.md (or remove control characters) to ensure no hidden/obfuscated instructions are present before running any automated actions.Like a lobster shell, security has layers — review code before you run it.
latestvk9750sn1wy8ce2dyxfetxk8sgd84feh6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.