Osop Review
by Archie0125 · v1.2.0 · MIT-0
Downloads: 100 · Stars: 0 · Active Installs: 1 · Versions: 1
Install in OpenClaw
/install osop-review
Description
Review .osop/.osoplog for security risks, permission gaps, and destructive commands
Usage Guidance
This skill appears to do what it says (analyze .osop/.osoplog contents) but asks for access to ~/.osop/config.yaml and declares bash as required without justifying either. Before installing or running it:
- Ask the skill author why ~/.osop/config.yaml is required and what data from it will be read. If the skill needs config context, it should state that in SKILL.md and explain exactly what keys are used.
- Confirm whether the skill will actually read the config path or only the argument file. If uncertain, run the skill on a copy of your .osop/.osoplog in a sandbox or with a wrapper that prevents reading ~/.osop.
- Verify the bash requirement: if the skill is purely a file analyzer, it shouldn't need a shell binary. Prefer a skill that lists only the minimal dependencies.
- When running, avoid supplying real secrets or production logs; test first with redacted samples.
If the author updates SKILL.md to explicitly explain the use of ~/.osop/config.yaml (or removes that requirement) and documents any shell commands it runs, the assessment would likely move to benign. If the skill actually reads the config for tokens or other secrets without clearly declaring that, treat it as high-risk and do not install.
Capability Analysis
Type: OpenClaw Skill
Name: osop-review
Version: 1.2.0
The skill bundle contains instructions for an AI agent to perform security audits on OSOP workflow (.osop) and log (.osoplog.yaml) files. It specifically directs the agent to identify high-risk commands (e.g., 'rm -rf'), hardcoded secrets (e.g., GitHub tokens), and missing security controls like approval gates or timeouts. There is no executable code or evidence of malicious intent; the instructions are purely defensive and aligned with the stated purpose of security reviewing.
Capability Assessment
Purpose & Capability
The skill claims to review .osop/.osoplog files for security issues — that matches the SKILL.md instructions. However the registry metadata requires access to ~/.osop/config.yaml and the bash binary even though the runtime instructions only say to read the provided target file and do an analysis. The config file requirement is not explained in the instructions and could grant access to unrelated persistent configuration or credentials.
Instruction Scope
SKILL.md instructions are narrowly scoped to: read the argument file (.osop or .osoplog), detect risky nodes/commands/secrets, compute a risk score, and present findings. The instructions do not tell the agent to read other files or environment variables, nor to transmit data externally.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest-risk install profile. Nothing is written to disk by an installer.
Credentials
No environment variables or credentials are requested (good). But the declared required config path (~/.osop/config.yaml) is not referenced in SKILL.md. Requesting a user config file without explaining why is disproportionate: that file could contain tokens or global settings unrelated to the single-file review.
Persistence & Privilege
The skill is not always-enabled and does not request persistent privileges. It is user-invocable and allows model invocation (normal). There is no evidence it modifies other skills or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install osop-review
- After installation, invoke the skill by name or use /osop-review
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
Initial ClawHub release — OSOP security & risk analyzer
Frequently Asked Questions
What is Osop Review?
Osop Review reviews .osop/.osoplog for security risks, permission gaps, and destructive commands. It is an AI Agent Skill for Claude Code / OpenClaw, with 100 downloads so far.
How do I install Osop Review?
Run "/install osop-review" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Osop Review free?
Yes, Osop Review is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Osop Review support?
Osop Review is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Osop Review?
It is built and maintained by Archie0125 (@archie0125); the current version is v1.2.0.