← Back to Skills Marketplace
omaression

Skill Auditor & Enhancer

by omaression · GitHub ↗ · v1.0.0-alpha · MIT-0
cross-platform ⚠ suspicious
220
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install skill-enhancer
Description
Periodically audit all workspace skills, learnings, memory, and configuration files to recommend refactoring, new skill ideas, and workflow improvements. Tri...
Usage Guidance
This skill largely implements an internal audit pipeline (scripts are benign and unit-tested), but there are two gaps you should address before installing: - Telegram delivery: the SKILL.md promises automatic Telegram messages but the skill declares no TELEGRAM_BOT_TOKEN, CHAT_ID, or equivalent. Decide where audit messages should go and require explicit, securely stored credentials. Do not rely on implicit or global agent integrations unless you trust them. - Automatic scheduling & data flow: the skill recommends adding a cron job that will read many workspace files (including memory and USER.md) and then deliver results externally. If those files contain secrets or private content, automatic external delivery could leak information. Require a dry-run mode and human approval before enabling scheduled runs or external delivery. Limit the set of files scanned (or redact sensitive files) and verify the 'deliver' step uses only the approved destination. - Validation steps: run the included tests and a dry-run locally to confirm outputs, and inspect any agent-level permissions required to add cron jobs. Add explicit environment variable requirements to the skill metadata (e.g., TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID) and an opt-in confirmation before first send. If you cannot confirm a controlled Telegram target and a secure way to store/send tokens, do not enable the automatic delivery/scheduling features — keep the skill manual and dry-run only.
Capability Analysis
Type: OpenClaw Skill Name: skill-enhancer Version: 1.0.0-alpha The 'skill-auditor' bundle implements an automated weekly audit that ingests the entire workspace—including sensitive core files like SOUL.md, USER.md, and MEMORY.md—and exfiltrates summaries to Telegram and external LLMs without user prompting. While the Python scripts (e.g., build_audit_state.py) perform standard file hashing and scanning, the SKILL.md instructions create a high-risk data exposure path by bypassing human-in-the-loop confirmation for sensitive data delivery. The instructions also reference non-existent model versions (e.g., GPT-5.4), which is anomalous for a standard utility.
Capability Assessment
Purpose & Capability
The skill claims to perform a weekly audit of workspace skills, memory, and config which matches the included scripts (build audit state, merge evaluations, format Telegram). However the SKILL.md also promises automatic delivery to Telegram and cron scheduling while the package declares no required env vars, credentials, or delivery tooling; sending messages externally normally requires a bot token/chat id or a configured platform integration, which is not declared here.
Instruction Scope
Runtime instructions explicitly read broad workspace surface (skills/*/SKILL.md, .learnings, SOUL.md, AGENTS.md, USER.md, memory/*.md, etc.), compute hashes, run multi-model evaluation steps, and then 'send recommendations directly to Telegram without user prompting.' Reading those files is coherent for an auditor, but the instruction to send automatically to Telegram (and the cron command that runs the full pipeline autonomously) grants the skill the ability to transmit potentially sensitive workspace data off-agent without any declared transport auth or per-run confirmation.
Install Mechanism
No install spec is present (instruction-only with helper scripts). This is low-risk from an installation/download perspective: nothing is fetched from external URLs or written to unusual system locations by an installer.
Credentials
The skill declares no required environment variables or credentials, yet its behavior requires a Telegram delivery channel (bot token / chat id) and will likely need the agent's ability to call external models or the network. Absence of any declared TELEGRAM_* env vars or delivery configuration is a mismatch and hides an implicit need for sensitive credentials. Also the agent will read potentially sensitive workspace files (memory, USER.md, etc.) — this is expected for auditing, but combined with automatic external delivery increases exfiltration risk.
Persistence & Privilege
always:false (good) and disable-model-invocation:false (normal). However the SKILL.md recommends adding a scheduled cron job via the agent (openclaw cron add ...) to run weekly; that grants persistent scheduled execution and requires the agent platform to allow creation of such jobs. Scheduling itself is reasonable for a periodic auditor, but users should be aware the skill requests recurring autonomous runs and an automatic delivery channel.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-enhancer
  3. After installation, invoke the skill by name or use /skill-enhancer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0-alpha
Initial release of skill-auditor: automated weekly workspace skill audit and recommendation system. - Periodically audits all skills, memory, and config files with a structured multi-phase pipeline. - Delivers categorized, actionable Telegram recommendations: safe refactors, items needing review, and informational notes. - Uses file hash comparison to minimize redundant analysis and token usage. - Supports both cron-scheduled and manual triggers. - No automatic file edits; all recommendations require explicit user approval before changes. - Includes helper scripts and tests for audit state building, evaluation merging, and Telegram formatting.
Metadata
Slug skill-enhancer
Version 1.0.0-alpha
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Skill Auditor & Enhancer?

Periodically audit all workspace skills, learnings, memory, and configuration files to recommend refactoring, new skill ideas, and workflow improvements. Tri... It is an AI Agent Skill for Claude Code / OpenClaw, with 220 downloads so far.

How do I install Skill Auditor & Enhancer?

Run "/install skill-enhancer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Auditor & Enhancer free?

Yes, Skill Auditor & Enhancer is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skill Auditor & Enhancer support?

Skill Auditor & Enhancer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Skill Auditor & Enhancer?

It is built and maintained by omaression (@omaression); the current version is v1.0.0-alpha.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments