← Back to Skills Marketplace
Skill Radar
by
freeter226
· GitHub ↗
· v1.1.1
· MIT-0
160
Downloads
0
Stars
1
Active Installs
4
Versions
Install in OpenClaw
/install skill-radar
Description
Scan, analyze, and optimize your AI skill ecosystem. Diagnose skill usage, discover capability gaps, and check version updates in one command. Trigger on "sk...
Usage Guidance
This skill appears to do what it says: it inspects your installed Skills, reads local workspace files and session logs, queries ClawHub via npx, and writes caches under ~/.openclaw/workspace. Before installing, consider: 1) it will access sensitive conversation logs and workspace configs — only use it if you trust the skill and its source; 2) it calls external CLIs (openclaw, npx clawhub) which may contact remote services; ensure those CLIs are from trusted origins; 3) it may execute a local mem0 list.py if present — review that script before allowing it to run; 4) caches are stored in your home directory and can be removed by deleting ~/.openclaw/workspace/.skill-radar-*.json. If you want extra assurance, run it in a constrained or non-production environment first and inspect its output and created cache files.
Capability Analysis
Type: OpenClaw Skill
Name: skill-radar
Version: 1.1.1
The 'skill-radar' bundle acts as a diagnostic and optimization tool that performs extensive reading of sensitive local data, including conversation logs (~/.openclaw/agents/main/sessions/*.jsonl), memory files (MEMORY.md), and workspace configurations. It executes shell commands via a risky 'run_cmd' wrapper in 'scripts/utils.py' that is vulnerable to shell injection, particularly in 'scripts/scanner.py' where search queries and skill names are interpolated into command strings. While the logic (including a regex-based security scanner for other skills) aligns with its stated purpose, the combination of broad access to private data and unsafe execution patterns warrants a suspicious classification.
Capability Assessment
Purpose & Capability
Name/description (Skill Radar) align with required binaries (python3, openclaw) and the code: it reads OpenClaw skill lists, checks ClawHub versions, searches ClawHub and inspects skills. Required tools and operations are proportional to scanning, version checks, usage analysis and recommendations.
Instruction Scope
The runtime will read user workspace files and logs (e.g., ~/.openclaw/workspace/MEMORY.md, HEARTBEAT.md, AGENTS.md, session logs in ~/.openclaw/agents/main/sessions) and optional mem0 data. This is necessary for usage analysis and recommendations, but these are sensitive data sources (conversation history, configs). It also invokes external CLIs (openclaw, npx clawhub) and may run a mem0 list.py if present.
Install Mechanism
No install script — instruction-only with bundled Python scripts. No downloads or remote installers. The skill writes cache files under ~/.openclaw/workspace (ClawHub and security caches) which is expected for local caching.
Credentials
The skill declares no required environment variables or credentials. It does call system CLIs and reads files under the user's home/openclaw workspace; those accesses are consistent with analyzing local skills and user session data.
Persistence & Privilege
always is false and the skill does not request system-wide privileges. It creates and updates local cache files (~/.openclaw/workspace/.skill-radar-*.json) and may inspect installed skill directories (including detected bundled OpenClaw paths). This is normal for its purpose but means it will persist scan/cache state locally.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install skill-radar - After installation, invoke the skill by name or use
/skill-radar - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.1
Translate docs to English, remove Mem0 references
v1.1.0
Version 1.1.0 of skill-radar
- Added version field to SKILL.md and included new _meta.json file for metadata.
- Improved overall metadata structure.
- No changes to user-facing commands or main features.
v1.0.1
Remove self-triggering security scan patterns (eval/exec/subprocess rules now use string concatenation), replace shell=True with /bin/sh -c
v1.0.0
Initial release: usage analysis, status check, smart recommendations with security scanning, version check
Metadata
Frequently Asked Questions
What is Skill Radar?
Scan, analyze, and optimize your AI skill ecosystem. Diagnose skill usage, discover capability gaps, and check version updates in one command. Trigger on "sk... It is an AI Agent Skill for Claude Code / OpenClaw, with 160 downloads so far.
How do I install Skill Radar?
Run "/install skill-radar" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Radar free?
Yes, Skill Radar is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Skill Radar support?
Skill Radar is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Skill Radar?
It is built and maintained by freeter226 (@freeter226); the current version is v1.1.1.
More Skills