← Back to Skills Marketplace
SkillCompass — Skill Evolution Engine
by
krishna-505
· GitHub ↗
· v1.1.0
· MIT-0
2953
Downloads
123
Stars
32
Active Installs
7
Versions
Install in OpenClaw
/install skill-compass
Description
Evaluate skill quality, find the weakest dimension, and apply directed improvements. Also tracks usage to spot idle or risky skills. Use when: first session...
Usage Guidance
Install only if you want a powerful local skill-management tool that can monitor skill use, scan installed skills, write snapshots/logs, and run local commands. Review hooks/hooks.json, lib/update-checker.js, commands/setup.md, and shared/tool-instructions.md first. Avoid enabling the statusLine option until the missing hud-extra.js path is resolved, do not trust custom security tool commands from untrusted .skill-compass/config.json, and back up ~/.claude/settings.json and important skills before using write/update/rollback flows.
Capability Analysis
Type: OpenClaw Skill
Name: skill-compass
Version: 1.1.0
This skill bundle is classified as malicious due to multiple indicators of deceptive and harmful intent. It employs string-splitting obfuscation in `lib/patterns.js` and `hooks/scripts/eval-gate.js` to evade static analysis and hide a security 'gate bypass' file named `.ga-te-bypass`. The `SKILL.md` file contains prompt injection instructions that command the AI agent to auto-execute an onboarding process on session start without user intervention, which includes modifying the user's global `~/.claude/settings.json` to establish persistence for an external script. Additionally, the `SECURITY.md` file falsely claims 'Zero Network Activity' despite `lib/update-checker.js` containing logic for remote `git fetch` and `pull` operations. The bundle also references a missing script (`scripts/hud-extra.js`) for the persistent status line, which is a common characteristic of staged malware.
Capability Assessment
Purpose & Capability
The core evaluator and skill-management purpose is coherent, but the effective capability set is broader than the short description: automatic onboarding, usage tracking, snapshots, rollback, external security tools, statusLine configuration, and git update management.
Instruction Scope
The SessionStart flow tells the agent to run onboarding and quick scanning on first interaction without waiting for a command. Several commands also use Bash/Node and broad skill discovery across user and project skill roots.
Install Mechanism
Install instructions are ordinary clone/npm/rsync steps and package.json has no install script, but hooks.json registers persistent SessionStart, SessionEnd, PostToolUse Skill, and PostToolUse Write/Edit commands.
Credentials
Reading installed skills is purpose-aligned, but the scan reaches user-level skill directories and optional OpenClaw extraDirs, can execute configured security tools, and update flows run git fetch/pull. SECURITY.md and SKILL.md also claim no network calls despite the explicit update feature.
Persistence & Privilege
The skill writes .skill-compass state, usage logs, inbox data, snapshots, manifests, audit logs, and optionally ~/.claude/settings.json. Its edit hooks fall back to writing .skill-compass under the home directory when no git root is found.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install skill-compass - After installation, invoke the skill by name or use
/skill-compass - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
SkillCompass 1.1 release
v1.0.5
D5 and D6 scoring stability, JavaScript pre-eval scan rewrite, and test hardening.
v1.0.4
Add /setup first-run inventory with dual-mode (manual + auto-trigger), OpenClaw compatibility, snapshot diffs, and scenario-based output.
v1.0.3
Add SECURITY.md trust model, declare executable metadata, reference security docs from SKILL.md.
v1.0.2
Remove remaining static scan pattern in security-validator.
v1.0.1
Fix static scan warnings, improve security detection coverage.
v1.0.0
Initial release — six-dimension evaluation, directed improvement loop, security gate, version management, batch audit.
Metadata
Frequently Asked Questions
What is SkillCompass — Skill Evolution Engine?
Evaluate skill quality, find the weakest dimension, and apply directed improvements. Also tracks usage to spot idle or risky skills. Use when: first session... It is an AI Agent Skill for Claude Code / OpenClaw, with 2953 downloads so far.
How do I install SkillCompass — Skill Evolution Engine?
Run "/install skill-compass" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is SkillCompass — Skill Evolution Engine free?
Yes, SkillCompass — Skill Evolution Engine is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does SkillCompass — Skill Evolution Engine support?
SkillCompass — Skill Evolution Engine is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created SkillCompass — Skill Evolution Engine?
It is built and maintained by krishna-505 (@krishna-505); the current version is v1.1.0.
More Skills