← Back to Skills Marketplace
147
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install master-skill-review
Description
Review an OpenClaw skill for token efficiency, scriptability, and clean action boundaries; back up first, then improve the skill.
Usage Guidance
This skill is a plausible meta-review tool and includes only a safe read-only helper script, but its SKILL.md asks the agent to back up and modify other local skills without providing an explicit, auditable backup/modify script. Before installing or enabling autonomous invocation: 1) Require explicit confirmation before any file write — prefer the agent to produce patch suggestions rather than applying changes automatically. 2) Add/verify a dedicated backup script that writes backups to a clearly named, access-controlled location and prints the backup path. 3) Limit which agent identities can run this skill with write permission (prefer read-only for general users). 4) Audit any future scripts that actually perform writes before granting run privileges. If you want minimal risk, use the included review_skill.sh for read-only analysis only and do manual backups and edits yourself.
Capability Analysis
Type: OpenClaw Skill
Name: master-skill-review
Version: 1.0.1
The skill is a meta-utility designed to audit and modify other OpenClaw skills for token efficiency and scriptability. While its stated purpose is benign and it includes safety-conscious instructions (e.g., mandatory backups and evidence reporting in SKILL.md), it possesses high-risk capabilities, specifically the authority to modify SKILL.md, scripts, and references across the local environment. The accompanying script, scripts/review_skill.sh, is a safe, read-only diagnostic tool that checks file sizes and heuristics without any evidence of malicious intent or vulnerabilities.
Capability Assessment
Purpose & Capability
The name/description (a meta-skill that inspects and improves other skills) aligns with the files present: SKILL.md, checklist, and a review script that inspects SKILL.md, scripts/, and references/. The skill does not request unrelated credentials or binaries. However, the human-readable instructions explicitly say the skill may 'inspect and modify' other local skill folders and that it will 'back up first, then modify' — yet the included script only performs read-only analysis and does not implement backing up or modification. That mismatch between claimed behavior (automatic backups/modifications) and provided tooling is notable.
Instruction Scope
SKILL.md instructs the agent to read target SKILL.md, scripts/, references/, back up the target, and 'improve the skill structure' (modify files). Those operations are local filesystem reads/writes within other skill folders. The included script (scripts/review_skill.sh) only reads and reports — it does not perform backups or changes. Because the instructions permit file modifications but do not provide audited/explicit scripts to do safe backups or changes, an agent given autonomy could make arbitrary edits. The instructions are also somewhat vague about where backups should be stored and what constitutes an acceptable 'improvement'.
Install Mechanism
No install spec and only an instruction/script bundle—lowest risk for arbitrary remote code download. The only executable provided is a small bash script that performs read-only checks and prints heuristics. No external downloads, package installs, or extract steps are present.
Credentials
The skill requests no environment variables, credentials, or config paths. There are no declared secrets or unrelated credentials, which is proportionate to a local-file review task.
Persistence & Privilege
always:false (normal). The SKILL.md explicitly expects a high-permission 'master' agent that can inspect and modify other local skill folders. That need for elevated local filesystem access is coherent for a meta-reviewer tool, but combined with autonomous invocation (disable-model-invocation:false) it raises practical risk: an agent could autonomously change other skills if given permission. This is a power/privilege consideration rather than an immediate technical exploit—limit autonomous write permissions if you want safer operation.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install master-skill-review - After installation, invoke the skill by name or use
/master-skill-review - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Renamed local skill-review to master-skill-review and aligned local naming references.
v1.0.0
Initial release: review skills for token efficiency, scriptability, clearer action boundaries, and backup-first improvement flow.
Metadata
Frequently Asked Questions
What is Skill Review?
Review an OpenClaw skill for token efficiency, scriptability, and clean action boundaries; back up first, then improve the skill. It is an AI Agent Skill for Claude Code / OpenClaw, with 147 downloads so far.
How do I install Skill Review?
Run "/install master-skill-review" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Review free?
Yes, Skill Review is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Skill Review support?
Skill Review is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Skill Review?
It is built and maintained by kid0114 (@kid0114); the current version is v1.0.1.
More Skills