← Back to Skills Marketplace
Auto Config Skiller
by
wuhongchen
· GitHub ↗
· v0.1.0
· MIT-0
301
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install auto-config-skiller
Description
Provides one-click environment initialization, core skill installation, and configuration for OpenClaw users to streamline setup and dependencies.
README (SKILL.md)
Auto Config Skiller (自动配置助手)
该技能旨在为 OpenClaw 用户提供一键式的环境初始化、基础技能安装及核心配置服务。
场景描述
当你刚刚安装好基础的 OpenClaw 后,可以使用此技能快速补全“小龙虾”生态所需的核心 Skill 和 Python 依赖库,避免手动克隆仓库和配置 .env 的繁琐过程。
核心分类编排
为了让 OpenClaw 更具战斗力,我们将技能分为以下四个核心维度:
- 通讯 (Communication)
Feishu-OpenClaw: 飞书官方插件,支持文档、群聊、日历及 Meego 深度集成。
- 基础工具 (Basic Tools)
CN-Life Toolkit: 国内生活服务(天气、快递、油价等)。Exec Tool / Web Search: 核心执行与搜索能力。
- 优化工具 (Optimization Tools)
Skill-Self-Improving: 让 AI 在交互中自我优化。ClawRouter: 智能路由,优化成本。
- 安全工具 (Security Tools) - [必装]
Skill-Vetter: 技能审计大师,安装其他技能前的第一道防线。Clawscan: 安全扫描。
工作流 (Workflows)
- 环境诊断 (Diagnosis)
- 官方通道: 集成飞书诊断与修复工具
openclaw-lark-tools。 - 配置自检: 自动识别
.env配置文件状态及目录写入权限。 - 资源评估: 检测磁盘空间等基础硬件状态。
- 官方通道: 集成飞书诊断与修复工具
- 分类调研 (Research)
- 自动拉取 ClawHub 推荐列表,识别核心工具。
- 全流程自动化安装 (Full Auto-Install)
- 一键启动: 通过
./setup.sh开启傻瓜化配置流。 - 多源加速: 集成 ClawHub 与 Tencent SkillHub,自动绕过登录限制与网络障碍。
- 交互配环境: 告别
.env.example手动修改,实现对话式参数配置。 - 灵魂注入: 预设
agency-agents库,一键下载高分 AI 人设 Prompt。
- 一键启动: 通过
详细的操作指引与场景说明请参阅:使用指南 (USAGE_GUIDE.md)
维护者
Antigravity
Usage Guidance
This package is plausible for a one‑click OpenClaw setup, but exercise caution before running it. Key points: (1) Do not run the installer (setup.sh or the curl|bash URL) on a production machine or as root without auditing the downloaded script. The installer is fetched from a third‑party COS URL rather than an official project domain. (2) Review the remote install script (https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/install.sh) before executing; prefer official installer sources. (3) Because the tool prompts for secrets (Feishu keys, OPENAI_API_KEY), avoid entering real credentials until you verify all downloaded code and trust the source — consider using temporary/test keys. (4) Run the setup in an isolated VM or container if you want to trial it. (5) If the maintainer can provide a trustworthy homepage, signed release artifacts, or move the installer to an official project/release location (and remove 'bypass login' claims), re-evaluate — that would reduce risk and could shift this to benign. (6) If you need help auditing the remote install script or the remainder of the truncated persona/installation logic, provide the full contents and I can analyze them for hidden endpoints or exfiltration.
Capability Analysis
Type: OpenClaw Skill
Name: auto-config-skiller
Version: 0.1.0
The skill bundle performs automated environment setup but utilizes several high-risk patterns that introduce significant security vulnerabilities. Specifically, 'scripts/diagnose_and_install.py' executes a remote shell script via a 'curl | bash' command from a third-party Tencent COS bucket and explicitly disables SSL certificate verification ('ssl.CERT_NONE') when fetching persona templates from GitHub. While these behaviors are consistent with the stated goal of a 'one-click' configuration tool, the combination of unverified remote execution and weakened transport security poses a high risk of RCE and MITM attacks.
Capability Assessment
Purpose & Capability
The SKILL.md promises one‑click environment initialization for OpenClaw which reasonably explains cloning repos and writing a .env, but the package metadata declares no required binaries/envs while the scripts clearly need git, python3, curl, npx and network access. That mismatch (declaring nothing required while the code invokes many external tools) is incoherent and lowers trust.
Instruction Scope
Runtime instructions tell the agent/user to run ./setup.sh which runs diagnose_and_install.py and can: clone many repositories, run npx packages, prompt for and write secrets into .env, test network connectivity, and call out to external install endpoints. The SKILL.md also advertises '免登录安装'/'绕过登录' (bypass login) which implies behavior that circumvents normal auth flows — that is scope‑creep relative to a benign setup tool and raises red flags about possible misuse of alternative sources.
Install Mechanism
There is no formal install spec, but the Python script runs a shell command that executes a remote installer via curl -fsSL https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/install.sh | bash. Downloading and piping an installer from a third‑party COS URL to bash is high risk. The scripts also invoke npx (which can fetch and execute remote packages) and clone multiple Git repos; these are normal for installers but the use of an unofficial COS URL and the explicit 'bypass login' behavior is notable and risky.
Credentials
The skill metadata lists no required environment variables, yet the interactive installer prompts for and writes keys such as FEISHU_APP_ID/SECRET and OPENAI_API_KEY into .env. Asking for these values during setup can be legitimate, but the skill does not declare them up front and the code will run remote installers — if you provide secrets they will be stored locally and could be used by code fetched from external sources. No explicit exfiltration is present in the visible code, but the combination of remote installs and secret prompts is disproportionate without stronger provenance.
Persistence & Privilege
The skill is not always-enabled and does not declare elevated privileges. However, running the provided scripts will install CLIs (SkillHub), clone repositories, and modify local .env and user-local bin path in the current process. Autonomous invocation is allowed by default (not flagged by itself), so if an agent were to run these scripts they would effect system changes — consider this when permitting autonomous execution.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install auto-config-skiller - After installation, invoke the skill by name or use
/auto-config-skiller - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Auto Config Skiller 0.1.0 – Initial Release
- Provides one-click environment initialization, core skill installation, and configuration for OpenClaw users.
- Automatically installs essential tools grouped by communication, basic utilities, optimization, and security.
- Includes full workflow automation: environment diagnosis, research, and step-by-step setup via a guided script.
- Supports interactive `.env` configuration and multi-source accelerated package downloads.
- Integrates out-of-the-box agents and detailed usage documentation.
- Prioritizes security by requiring vetting tools before installing other skills.
Metadata
Frequently Asked Questions
What is Auto Config Skiller?
Provides one-click environment initialization, core skill installation, and configuration for OpenClaw users to streamline setup and dependencies. It is an AI Agent Skill for Claude Code / OpenClaw, with 301 downloads so far.
How do I install Auto Config Skiller?
Run "/install auto-config-skiller" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Auto Config Skiller free?
Yes, Auto Config Skiller is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Auto Config Skiller support?
Auto Config Skiller is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Auto Config Skiller?
It is built and maintained by wuhongchen (@wuhongchen); the current version is v0.1.0.
More Skills