← Back to Skills Marketplace
mrkangzubin

Agent Advisor

by MrKangZuBin · GitHub ↗ · v0.1.1 · MIT-0
cross-platform ✓ Security Clean
265
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install agent-advisor
Description
模型推荐 + OpenClaw 安全系数分析工具。当用户询问"用哪个模型"、"推荐模型"、"适合什么模型"、"安全系数"、"openclaw 安全"、"根据历史"时触发。功能:(1) 根据历史会话自动分析任务类型并推荐最优的 Claude 模型(auto 模式),(2) 根据用户描述的任务推荐最优模型(recom...
README (SKILL.md)

Model Advisor Skill

根据历史任务或用户描述推荐最优模型,并输出当前 OpenClaw 的安全系数。

使用流程

场景一:根据历史任务自动推荐(推荐首选)

无需用户描述任务,直接分析历史会话中的高频任务类型:

node "C:\Users\zane\.openclaw\workspace\skills\model-advisor\scripts\advisor.js" auto

脚本会读取最近 5 个 session 的用户消息,统计任务类型分布(代码架构/日常问答/简单格式化), 自动推荐命中率最高的模型,并展示各模型的历史使用频率柱状图。

场景二:根据用户描述任务推荐

若用户描述了具体任务,使用关键词匹配推荐:

node "C:\Users\zane\.openclaw\workspace\skills\model-advisor\scripts\advisor.js" recommend "\x3C用户的任务描述>"

场景三:用户询问安全系数

node "C:\Users\zane\.openclaw\workspace\skills\model-advisor\scripts\advisor.js" security

将结果输出给用户,并对低分项目给出改进建议。

场景四:完整报告(安全系数 + 模型推荐)

# 有任务描述时:安全系数 + 关键词推荐
node "C:\Users\zane\.openclaw\workspace\skills\model-advisor\scripts\advisor.js" full "\x3C任务描述>"

# 无任务描述时:安全系数 + 历史自动推荐
node "C:\Users\zane\.openclaw\workspace\skills\model-advisor\scripts\advisor.js" full

模型选择参考

模型 适用场景 速度
claude-opus-4-6 复杂代码架构、多步骤推理、系统设计、深度分析、技术文档、性能优化、分布式系统 较慢
claude-sonnet-4-6 日常编码、问答、摘要翻译、内容生成、简单分析、git操作、脚本工具 中等
claude-haiku-4-5 简单问答、格式化、分类标注、快速响应 极快

安全系数评分维度

维度 满分 说明
认证模式 30分 token > password > none
网络绑定 25分 loopback > local > tailscale > 公网
Tailscale 状态 15分 off > on
命令黑名单 20分 覆盖高危命令的比例
Gateway 模式 10分 local > 其他

安全等级:85分以上为高安全,60-84分为中等安全,60分以下为低安全。

改进建议模板

若安全系数低,给出以下方向的建议:

  • 认证模式 \x3C 30分:建议在 openclaw.json 中将 gateway.auth.mode 设置为 "token"
  • 网络绑定 \x3C 25分:建议将 gateway.bind 设置为 "loopback"(仅本机访问)
  • 命令黑名单 \x3C 15分:建议在 gateway.nodes.denyCommands 中添加 camera.snapscreen.recordcontacts.add 等高危命令
Usage Guidance
This skill reads your OpenClaw configuration and recent session files in your home directory (~/.openclaw/openclaw.json, models.json, and session .jsonl files) to compute a security score and recommend models. That behaviour matches its description, but be aware the session files contain user messages (potentially sensitive). Before installing or running, you may: (1) inspect the full scripts/advisor.js file yourself (search for any 'http', 'fetch', 'net', or 'child_process' uses) to confirm there are no network exfiltration calls; (2) back up or redact sensitive sessions you don't want analyzed; and (3) ensure you trust the source since the script will read local chat contents. If you want extra caution, run the script in a restricted environment or inspect output locally rather than granting any additional credentials.
Capability Analysis
Type: OpenClaw Skill Name: agent-advisor Version: 0.1.1 The skill bundle is a legitimate utility designed to recommend AI models based on task descriptions or session history and to audit the security configuration of the OpenClaw environment. The script `scripts/advisor.js` reads local configuration files (`openclaw.json`) and session logs to calculate a security score and match keywords for model selection. It does not contain any network-reaching code, obfuscation, or unauthorized execution logic. While `SKILL.md` contains hardcoded file paths specific to a developer's environment (e.g., 'C:\Users\zane'), this is a functional bug rather than a security threat, as the underlying script correctly uses cross-platform path resolution via `os.homedir()`.
Capability Assessment
Purpose & Capability
The name/description (model recommendation + OpenClaw security analysis) matches the implementation: the script reads ~/.openclaw/openclaw.json, optional models.json, and recent session files to compute a security score and recommend Claude models. No unrelated services, binaries, or credentials are required.
Instruction Scope
SKILL.md and the runtime script instruct the agent to run the local Node script which reads local OpenClaw configuration and session history and prints results. The instructions reference only local OpenClaw paths and do not direct data to external endpoints or request unrelated system files. Note: reading session files means user messages are processed locally (privacy-sensitive but expected for the stated purpose).
Install Mechanism
There is no install spec or external download. The skill is implemented as a local Node script and is intended to be run with the system's node binary; nothing is written to disk by an installer. This is a low-risk install footprint.
Credentials
No environment variables or credentials are requested, which is appropriate. The script does read files under the user's home directory (~/.openclaw/*), including sessions.json/.jsonl and openclaw.json — these contain user conversation text and configuration and are necessary for the feature but are privacy-sensitive. The access is proportionate to the stated functionality.
Persistence & Privilege
The skill does not request persistent/always-on privileges, does not modify other skills, and does not require system-wide changes. Autonomous invocation is allowed by default but is not combined with other concerning privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install agent-advisor
  3. After installation, invoke the skill by name or use /agent-advisor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
- Renamed the skill to "model-advisor" and updated the description for clearer scope. - Improved documentation with detailed usage instructions for model recommendation and OpenClaw security score analysis. - Clarified usage scenarios: automatic recommendation from session history, task-based recommendation, security analysis, and combined reports. - Added model selection reference table and security scoring system with actionable improvement tips.
Metadata
Slug agent-advisor
Version 0.1.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Agent Advisor?

模型推荐 + OpenClaw 安全系数分析工具。当用户询问"用哪个模型"、"推荐模型"、"适合什么模型"、"安全系数"、"openclaw 安全"、"根据历史"时触发。功能:(1) 根据历史会话自动分析任务类型并推荐最优的 Claude 模型(auto 模式),(2) 根据用户描述的任务推荐最优模型(recom... It is an AI Agent Skill for Claude Code / OpenClaw, with 265 downloads so far.

How do I install Agent Advisor?

Run "/install agent-advisor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Agent Advisor free?

Yes, Agent Advisor is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Agent Advisor support?

Agent Advisor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Agent Advisor?

It is built and maintained by MrKangZuBin (@mrkangzubin); the current version is v0.1.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments