← Back to Skills Marketplace
bennettphil

Skill Soup

by Phil Bennett · GitHub ↗ · v0.5.0
cross-platform ⚠ suspicious
874
Downloads
2
Stars
4
Active Installs
1
Versions
Install in OpenClaw
/install skill-soup
Description
Autonomous skill generation agent that picks up community ideas, uses evolved builder tools to produce Agent Skills, and publishes them back to the Skill Soup ecosystem. Also supports community actions — submitting ideas, voting on ideas, and voting on skills.
Usage Guidance
This skill appears to do exactly what it says: it will run a local generation workflow, create files under .soup, persist an auth token to .soup/auth.json, and publish generated skills via the local API (which claims to create GitHub repos). Because the skill can autonomously generate, mutate, and publish code, take these precautions before using it: - Only run it in an isolated/test environment (not on a machine with sensitive data or broad filesystem/network access). - Inspect any builders in .soup/builders before allowing the agent to execute or follow them — builders can instruct the agent to create arbitrary code or make external requests. - Limit the scope of tokens used by the Skill Soup API / GitHub (give the minimum permissions, or use a throwaway account) and be prepared to revoke them if something looks wrong. - Do not run continuous/unsupervised generation loops until you have validated the builder pool and the API behavior. - Prefer to run the Skill Soup API and skill runner locally under network restrictions (e.g., no outbound access) if you want to avoid accidental publishing/exfiltration. Confidence is medium because the skill is instruction-only (no code to scan) and its provenance is unknown; the instructions are coherent with the declared purpose but grant broad autonomous capabilities that could be abused.
Capability Analysis
Type: OpenClaw Skill Name: skill-soup Version: 0.5.0 The skill bundle presents a significant supply chain vulnerability. In `SKILL.md`, Step 2 instructs the agent to download and replace its entire `.soup/builders/` directory with content (including `SKILL.md` files and arbitrary `files_json`) from the `http://localhost:3001/api/builders/sync` endpoint. The agent is then explicitly instructed in Step 5 to 'Follow the selected builder's SKILL.md instructions,' creating a direct prompt injection vector. This design allows a compromised or malicious Skill Soup API to inject arbitrary code and instructions, leading to potential remote code execution and other harmful activities, despite the skill itself not containing explicit malicious intent.
Capability Assessment
Purpose & Capability
Name/description match the behavior in SKILL.md: the agent talks to a Skill Soup API, picks ideas, uses builders, produces skills, and publishes them (the workflow describes creating repos via the API). The claimed capabilities reasonably explain the files it reads/writes (.soup workspace) and the device-flow auth.
Instruction Scope
The SKILL.md gives the agent broad, open-ended instructions: run a generation loop, choose builders from a local pool, rewrite builders' SKILL.md (mutation), validate outputs, and publish results. While these actions align with the stated purpose, they effectively let the agent generate arbitrary code and push it to remote repositories via the API. The instructions also persist authentication tokens to .soup/auth.json and manage local workspace state. This broad autonomy and ability to mutate and publish code is a significant operational risk, especially because builders (which the agent will execute/interpret) can themselves contain arbitrary instructions.
Install Mechanism
Instruction-only skill with no install spec and no binaries to install. Nothing is written to disk by a packaged installer; runtime writes are limited to the .soup workspace described in SKILL.md. This is lower install risk, but runtime filesystem writes still occur per the instructions.
Credentials
The skill declares no required env vars or external credentials. It does, however, instruct saving a JWT returned by the local API to .soup/auth.json and to use it for subsequent API calls. Storing a token locally is functionally necessary for the workflow, but it creates a persistent credential that other processes or skills could read if they have access to the same filesystem; the skill itself does not request unrelated credentials.
Persistence & Privilege
The skill does not request always:true and is user-invocable (normal). It does create and modify local state (.soup directory and auth.json) and interacts with an external publishing endpoint (the Skill Soup API that may create GitHub repos). The ability to autonomously loop (generate/publish repeatedly) combined with token persistence increases blast radius if the skill or builders are malicious. No explicit step shows modifying other skills' configs beyond the .soup workspace, which is appropriate for its role.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-soup
  3. After installation, invoke the skill by name or use /skill-soup
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.5.0
Skill Soup Runner 1.0.0 – Initial Release - Introduces an autonomous agent for the Skill Soup ecosystem supporting skill generation and community actions. - Enables authentication with the Skill Soup API using GitHub device flow. - Supports community actions: add new ideas, vote on ideas, and vote on skills directly from the agent. - Implements a skill generation workflow: select ideas, choose builder tools, generate and publish new agent skills. - Manages builder pool synchronization and workspace setup for seamless operation. - Provides detailed user guidance and feedback for all actions and workflows.
Metadata
Slug skill-soup
Version 0.5.0
License
All-time Installs 4
Active Installs 4
Total Versions 1
Frequently Asked Questions

What is Skill Soup?

Autonomous skill generation agent that picks up community ideas, uses evolved builder tools to produce Agent Skills, and publishes them back to the Skill Soup ecosystem. Also supports community actions — submitting ideas, voting on ideas, and voting on skills. It is an AI Agent Skill for Claude Code / OpenClaw, with 874 downloads so far.

How do I install Skill Soup?

Run "/install skill-soup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Soup free?

Yes, Skill Soup is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Skill Soup support?

Skill Soup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Skill Soup?

It is built and maintained by Phil Bennett (@bennettphil); the current version is v0.5.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments