ccfrank

v1.0.4

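Look up the CCF rank of a conference or journal. Use this skill when the user mentions CCF ranks, paper ratings, conference rankings, or journal tiers, or needs to find out whether a conference or journal is CCF-A/B/C. Supports lookup by conference abbreviation (e.g. PLDI, ICSE), full name, or DBLP URL.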

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (query CCF ranks for venues) match the declared dependency on the ccfrank npm package and the described tool entrypoint (ccfrank.ccf_rank). The npm package and GitHub repo are plausible sources for this functionality.
Instruction Scope
SKILL.md instructs only to invoke the ccfrank CLI/tool with a simple 'query' string and returns structured fields; it does not instruct reading arbitrary files, environment variables, or transmitting unrelated data to external endpoints.
Install Mechanism
Install uses an npm package from the public registry (registry.npmjs.org) with an integrity hash and a tarball URL — a typical but moderately risky mechanism compared with instruction-only skills. The install/execution uses 'npx --no-install ccfrank' (which requires npx/npm to be available or the package preinstalled). This is not a dangerous download host, but it does mean third‑party code will run locally; the SKILL.md also suggests global npm installation (npm install -g ccfrank).
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportional for a read-only lookup tool.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills. Normal autonomous invocation is allowed by default and is not a concern here.
Assessment
This skill is a thin wrapper around the public npm package 'ccfrank' and appears coherent for querying CCF ranks. Before installing or allowing the agent to invoke it: (1) ensure the environment has npm/npx or preinstall the package if you prefer; (2) review the package source on GitHub (https://github.com/m2kar/CCFrank4dblp) to confirm it does only lookups and doesn't perform unexpected network or filesystem actions; (3) prefer running it in a sandbox or review package version integrity if you will install globally; and (4) note the SKILL.md lists no required env vars but does rely on npm tooling — this minor mismatch is benign but worth being aware of.

Like a lobster shell, security has layers — review code before you run it.
