Redis Skill - 高性能缓存管理
v1.0.0Redis 缓存和数据结构管理技能。通过自然语言操作 Redis,支持 String、Hash、List、Set、ZSet、Stream 等数据结构操作。当用户提到 Redis、缓存、消息队列、会话存储时使用此技能。
⭐ 0· 217·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name, description, SKILL.md and package.json consistently describe Redis management and request appropriate tooling (redis-cli, python redis). Minor inconsistency: the registry metadata at the top claimed 'required binaries/env vars: none' while package.json.openclaw.requires and SKILL.md do recommend redis-cli and REDIS_HOST/REDIS_PORT/REDIS_PASSWORD — these requirements are reasonable for the stated purpose but the metadata mismatch is a bookkeeping issue.
Instruction Scope
SKILL.md only instructs installing/using redis-cli and the Python redis client, and shows Redis commands (SET/GET/HSET/LPUSH/ZADD/XREAD, EVAL for Lua). It does not direct reading unrelated system files or exfiltrating data to external endpoints. Use of EVAL/Lua and requiring credentials are expected for advanced Redis operations.
Install Mechanism
This is an instruction-only skill (no code files). package.json includes install hints that call system package managers (apt/brew) and pip; those are standard but require sudo/privileged actions to install system packages. No downloads from arbitrary URLs or extract steps are present.
Credentials
SKILL.md recommends environment variables REDIS_HOST, REDIS_PORT, REDIS_PASSWORD and suggests using redis-cli — these are directly relevant. The skill does not request unrelated secrets or multiple unrelated credentials.
Persistence & Privilege
Skill is not always-enabled and does not request system-wide config changes or persistent elevated privileges. It does not claim to modify other skills or agent configuration.
Assessment
This skill appears to do what it says: generate Redis commands and usage guidance. Before installing or running commands, verify the package.json repository/homepage if you care about provenance (the registry summary said 'source: unknown' even though package.json contains a GitHub URL). Be cautious about: 1) running the install commands (apt/brew/pip) which may require sudo; 2) connecting to remote Redis instances — providing REDIS_PASSWORD and host/port to the agent or running commands against a remote Redis can expose sensitive data; 3) running EVAL/Lua code on a Redis server (it can execute arbitrary operations there). Recommended precautions: only point the skill at trusted, network-isolated Redis instances (not public Internet), use least-privilege/temporary credentials, review any generated commands before executing them, and avoid storing highly sensitive plaintext data in Redis. If you want stronger assurance, inspect the GitHub repository listed in package.json and confirm the maintainer identity and recent activity.Like a lobster shell, security has layers — review code before you run it.
latestvk970k6wzpgd1frcpk6zc2b4dv583fe5m
License
MIT-0
Free to use, modify, and redistribute. No attribution required.