Zero-dependency Bash environment health check for Linux, macOS, containers, and K8s pods. Reports OS, current user, Node.js, Python3, basic tools (git/curl/j...
Security Analysis
medium confidenceThis environment-diagnostic skill appears useful, but it can expose raw environment variable values and create local snapshot files with too little user control or warning.
A shell-based environment check is coherent with a hello/environment diagnostic skill, but printing configured environment variable values can expose secrets in logs or transcripts.
The documented triggers appear broad enough to run diagnostics for routine requests about system info, usernames, or IP addresses, which weakens clear user intent.
No evidence was supplied of deceptive installation, package tampering, or automatic privilege escalation.
Reading and emitting arbitrary variables from PROBE_ENV is overbroad for a general diagnostic unless values are masked or explicitly confirmed.
The reported PVC snapshot behavior is purpose-adjacent for environment monitoring, but it should be clearly disclosed with file locations and retention behavior.
Guidance
Install only if you understand that this skill may inspect local/container environment details, print selected environment variable values, and write snapshot state. Avoid running it in production, CI, Kubernetes, or any shell where environment variables may contain tokens unless the skill is changed to mask values by default and require explicit confirmation for full diagnostics.
Latest Release
v1.0.2
SKILL.md frontmatter 多 agent 平台兼容修复(Qoder 导入报 Invalid format):description 改 YAML > folded scalar 避免 colon/quote 冲突;frontmatter 只保留 name+description;license/author/version 移至 Markdown body。
More by @songhonglei
Published by @songhonglei on ClawHub
