Authorization First
v1.0.0确保任何系统修改、文件操作或外部调用前,详细说明方案、风险并获得用户明确授权才执行。
⭐ 0· 126·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name and description promise an "authorization-first" workflow and the SKILL.md only contains policies, templates, and examples telling the agent to ask for explicit user consent before any file, system, or external actions. It requests no credentials, binaries, installs, or config paths beyond illustrative examples, so the declared requirements align with the stated purpose.
Instruction Scope
The instructions correctly confine themselves to describing authorization steps and templates for asking consent. They reference specific platform-relevant paths and commands (e.g., ~/.openclaw/openclaw.json, openclaw-gateway.service, journalctl) as examples; these are sensitive but appropriate given the skill's goal of guarding system modifications. The skill does not instruct the agent to read or exfiltrate unrelated files or credentials.
Install Mechanism
There is no install specification and no code files — this is instruction-only, which minimizes on-disk risk.
Credentials
The skill requires no environment variables, credentials, or config-path declarations. All referenced paths/commands are examples for the authorization workflow and are proportionate to the stated purpose.
Persistence & Privilege
The skill is not marked always:true and is user-invocable. Autonomous model invocation is allowed by default but is not in itself a red flag here and is not combined with other concerning properties.
Assessment
This skill is coherent and low-risk: it only prescribes that the agent ask for explicit authorization before making changes. Before installing, note that templates include examples of sensitive commands and config paths — if you grant consent when the agent presents one of these requests, the agent (or underlying runtime) could perform the action. To reduce accidental changes: (1) require clear, explicit confirmation phrases (e.g., a unique token) before allowing destructive commands; (2) review any proposed diff/command carefully before replying with consent; (3) consider disabling autonomous invocation or limiting when the skill can run if you want stronger safeguards; and (4) ensure backups/log access so you can recover from mistakes.Like a lobster shell, security has layers — review code before you run it.
latestvk977g92pm5v647cntsb0cg0g4d832aw4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.