Skill Trigger V2

Framework-only skill trigger reference. Runtime matching implementation has been removed from the published artifact.

Key points to consider before installing: - Inconsistency: The published SKILL.md/README claim this release is documentation-only (runtime removed), but the package actually contains runnable code (core matching engine and setup/wizard). Treat this as a red flag for sloppy release management — not necessarily malicious, but you should not run it blindly. - Hard-coded paths: setup/wizard.py contains absolute paths (/Users/macmini/.openclaw/workspace) in its check commands. That is a developer artifact that can cause failures or unexpected behavior on your machine. Review and, if needed, edit the script to use your actual workspace path before running. - Version mismatches: Different files disagree on the minimum semantic-router/skill-index versions (e.g., package.json lists semantic-router >=7.7.2 while SKILL.md/wizard/core reference >=2.0.0). Confirm which versions you actually need and where those dependencies will be installed from. - File access: The code will read skill_index.json and pools.json and will create ~/.openclaw/workspace/.lib/skill_trigger_config.json. That is expected for a trigger, but confirm those files contain only expected metadata and not secrets. Do not run the wizard with elevated privileges. - Provenance: The registry metadata lacks a clear homepage and the owner ID is opaque. If you plan to install, fetch the package source from a trusted repository (the package.json repository URL is github.com/openclaw/skill-trigger-v2 — verify the repo, tags, and author commit history) and inspect the full code in a safe environment. - Safe testing: Run any install/init/check commands inside a disposable container or VM (or at least with a backup of your ~/.openclaw workspace). Search the code for unexpected network calls, telemetry, or subprocess invocations before allowing it network access. If you want, I can: - point out exact lines in core.py and wizard.py to inspect or sanitize (e.g., replace hard-coded paths), - produce a short checklist of commands to safely inspect or sandbox the package, - or attempt to summarize the remaining truncated portion of core.py if you provide it.

Type: OpenClaw Skill Name: skill-trigger-v2 Version: 2.1.4 The skill bundle contains highly irregular hardcoded absolute file paths pointing to a specific local user environment ('/Users/macmini/') in setup/wizard.py and make_doc_correct.py, which would cause the skill to fail or behave unpredictably on other systems. Furthermore, setup/wizard.py utilizes subprocess.run to execute shell commands that parse internal configuration files (~/.openclaw/workspace/.lib/skill_index.json) to extract version metadata. While the core logic in skill_trigger_v2/core.py appears to be a legitimate weighted intent-matching system, the combination of hardcoded environment assumptions and shell-based configuration parsing is a significant security and stability concern.