Cn Dev Setup
v1.0.0一键配置国内开发环境镜像源。解决 npm/pip/go/docker/cargo 等工具在国内下载慢、超时的问题。 支持 npm、yarn、pnpm、pip、Go (GOPROXY)、Docker、Cargo、Maven、Gradle、Homebrew 镜像源切换。 Use when: 用户说"配置镜像源"、"n...
⭐ 0· 133·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (switching dev tool mirrors for China) aligns with included files and behavior. The SKILL.md and scripts only reference package registry mirrors (npm, pip, Go, Cargo, etc.) and commands needed to change them; nothing requests unrelated access such as cloud credentials or unrelated system services.
Instruction Scope
Runtime instructions and the Python script operate within the expected scope: they check and change tool config (npm/pip/go/git/cargo, edit ~/.cargo/config.toml, run 'npm config'/'pip config'/'go env -w', etc.). The script prints a message for Docker and does not attempt to modify /etc/docker/daemon.json itself (SKILL.md explains Docker needs manual/root changes). Note: the script uses subprocess to run commands and writes to user config files (~/.cargo) — that's expected for configuration tasks but users should be aware it will modify local config files.
Install Mechanism
No install spec; this is instruction-only plus a small included Python script. Nothing is downloaded or executed from external arbitrary URLs during install. The script is included in the bundle and runs locally.
Credentials
The skill requests no environment variables or credentials. The operations performed (changing registries, setting trusted-host for pip, writing to dotfiles) are proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-enabled and does not request persistent elevated privileges. It modifies only user-level config files (and instructs manual Docker daemon edits that require admin). It does not alter other skills or system-wide agent settings.
Assessment
This skill is coherent with its purpose, but exercise normal caution before running scripts that change tool config: 1) Inspect or back up config files you care about (e.g., ~/.cargo/config.toml, ~/.m2/settings.xml, shell rc files). 2) Run the script with --status first to see current settings. 3) Prefer running per-tool changes rather than --all if you want finer control. 4) The script will invoke local commands (npm, pip, go, etc.); ensure those CLIs are what you expect and not malicious wrappers. 5) Docker changes require root and are intentionally left manual — do not run random scripts with sudo. 6) Understand that switching to third-party mirrors can expose you to different trust/certificate behaviors (pip's trusted-host weakens TLS checks), so only use mirrors you trust. If you want greater assurance, run the script in a controlled environment or review its source (scripts/setup_mirrors.py) before executing.Like a lobster shell, security has layers — review code before you run it.
latestvk97d5k0h5c62pv6xer5h794e098332tb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.