Cloud Agent Intelligence
v0.1.0提供全球云厂商智能体动态监控、竞品深度分析、情报查询及定制对比报告的手动触发接口。
⭐ 0· 79·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description claim a manual trigger interface for a cloud-intel system; the package contains only a small placeholder JS module and a detailed SKILL.md describing manual actions. There are no unrelated binaries, credentials, or config paths requested—this matches the stated purpose of a thin wrapper/UX layer.
Instruction Scope
SKILL.md contains user-facing invocation examples and descriptions of monitoring/analysis/reporting capabilities but does not instruct the agent to read arbitrary files, access environment variables, or send data to unknown endpoints. It references an external Cron-driven system (the backend), which is plausible for a manual trigger skill; the documentation does not include steps that would exfiltrate data or access unrelated system resources.
Install Mechanism
No install spec is provided (instruction-only plus a tiny placeholder source file). There are no downloads, external archive extracts, or package installation steps that would write or execute third-party code on the host—this is the lowest-risk pattern.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. That is proportionate to an unimplemented/manual-trigger skill. There are contact/payment details in the SKILL.md, but those are out-of-band and not credentials requested by the skill itself.
Persistence & Privilege
The skill does not request always:true and uses default model-invocation behavior. It does not modify other skills or system-wide settings in the provided files. The placeholder implementation returns a ready message and does not persist credentials or alter agent config.
Assessment
This skill appears coherent and low-risk but is currently a placeholder: the JS is unimplemented and SKILL.md documents a manual trigger for an external backend. Before installing or paying for a 'commercial' version, verify the maintainer and backend: 1) Confirm the source/homepage and that the external 'global cloud intelligence' system actually exists (the registry entry lists no homepage and source is unknown). 2) Avoid sending payment or credentials out-of-band until you can audit the provided source or obtain a trusted distribution channel. 3) If you install, expect no functionality until the backend/API or implementation is provided—there are no env vars or installs required by the package itself. 4) If the skill later requests API keys, credentials, or an install script, re-evaluate proportionality and verify endpoints and install sources (prefer official domains/GitHub releases over personal servers).Like a lobster shell, security has layers — review code before you run it.
latestvk97f06n4mwdq2ryk4d4c08nn8983qkgj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.