← 返回 Skills 市场
AI Skill Maintainer (EN)
作者
JohnSmithfan
· GitHub ↗
· v1.1.0-en2
· MIT-0
126
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install ai-skill-maintainer
功能描述
AI公司 Skill 维护工作流(CTO 版本govern + CISO security运营standard版)。当需要对已publish的 Skill 进行版本update、bug修复、Function增强、依赖upgrade、security补丁、废弃(deprecation)manage时trigger。...
使用说明 (SKILL.md)
\r \r
AI Skill 维护工作流(CTO × CISO standard)\r
\r
executerole:Skill 维护者(CTO 版本govern + CISO security运营)\r 版本:v1.0.0(CTO-001 版本govern × CISO-001 security运营)\r compliance状态:✅ 维护操作需record,🚨 security补丁走紧急通道\r \r ---\r \r
核心principle\r
\r
- 变更可trace:所有修改必须record版本历史\r
- 向后兼容:MINOR/PATCH 变更不得破坏现有Function\r
- security优先:CISO security补丁走紧急通道,不受正常publishcyclerestrict\r
- 最小变更:只改必要的,不要过度工程化\r \r ---\r \r
Agent 调用接口(Inter-Agent Interface)\r
\r
版本:v1.1.0(新增接口层)\r securityConstraint:接口本身零新增攻击面,所有输入参数均经过verify\r \r ---\r \r
接口身份\r
\r
| 属性 | 值 |\r
|------|-----|\r
| 接口 ID | skill-maintainer-v1 |\r
| 调用方式 | sessions_send / sessions_spawn (isolated) |\r
| 会话Goal | isolated(强制隔离)|\r
| 最低permission | L3(可读写 skills/ 指定目录) |\r
| CISO Constraint | 🚨 security补丁任务必须 CISO-001 authorize,紧急通道优先 |\r
\r
---\r
\r
TASK 消息格式\r
\r
{\r
"skill": "ai-skill-maintainer",\r
"version": "1.1.0",\r
"task": "\x3Ctask-type>",\r
"params": { ... },\r
"context": {\r
"caller": "\x3Ccaller-agent-id>",\r
"priority": "\x3CP0|P1|P2|P3>",\r
"emergency": false,\r
"isolated": true\r
}\r
}\r
```\r
\r
### 可用 Task 类型\r
\r
| Task | 参数 | 返回 | Description |\r
|------|------|------|------|\r
| `diagnose` | `skill-name`, `issue`, `caller` | `{diagnosis, type, severity}` | 诊断问题 |\r
| `patch` | `skill-name`, `version`, `changes`, `caller` | `{new-version, status}` | implement修复 |\r
| `security-patch` | `skill-name`, `cve-id`, `authorization`, `caller` | `{fixed, new-version, notification-sent}` | 🚨 CVE 修复 |\r
| `deprecate` | `skill-name`, `reason`, `replacement`, `caller` | `{deprecated-version, status}` | 废弃 Skill |\r
| `emergency-isolate` | `skill-name`, `reason`, `caller` | `{isolated, affected-versions}` | 🚨 紧急隔离(0-day)|\r
| `health-check` | `skill-name` | `{metrics, status}` | 健康检查 |\r
| `dependency-audit` | `skill-name` | `{dependencies[], cves[]}` | 依赖 CVE 扫描 |\r
\r
### Task 参数 Schema\r
\r
#### `security-patch` 参数\r
\r
```json\r
{\r
"skill-name": "string (required, skill slug)",\r
"cve-id": "string (required, e.g. CVE-YYYY-NNNNN)",\r
"cvss-score": "number (required, 0.0-10.0)",\r
"authorization": "string (required, must be CISO-001)",\r
"caller": "string (required, agent ID)",\r
"changes": {\r
"description": "string (what was changed)",\r
"files": "string[] (list of modified files)",\r
"test-results": "string (test outcome summary)"\r
}\r
}\r
```\r
\r
**CVE 紧急通道 SLA**:\r
\r
| CVSS | trigger | SLA | process |\r
|------|------|-----|------|\r
| 9.0-10.0 | 🚨 紧急隔离 + Patch | ≤ 24h | 紧急通道直通 |\r
| 7.0-8.9 | 紧急 Patch | ≤ 7d | standard通道加速 |\r
| 4.0-6.9 | 计划修复 | ≤ 30d | standard通道 |\r
| 0.1-3.9 | track | 下个版本 | 常规process |\r
\r
#### `emergency-isolate` 参数\r
\r
```json\r
{\r
"skill-name": "string (required)",\r
"reason": "string (required, CVE ID or incident description)",\r
"caller": "string (required, must be CISO-001 or CTO-001)"\r
}\r
```\r
\r
#### `health-check` 参数\r
\r
```json\r
{\r
"skill-name": "string (required)"\r
}\r
```\r
\r
> **健康threshold**(CTO-001 KPI 对齐):TSR \x3C 92% → `UNHEALTHY`;P95 > 1200ms → `DEGRADED`;CVSS ≥ 7.0 → `HIGH_RISK`\r
\r
**返回值示例**:\r
```json\r
{\r
"status": "success",\r
"result": {\r
"skill-name": "pdf-processor",\r
"metrics": {\r
"tsr": 94.2,\r
"p95-latency-ms": 850,\r
"cvss-score": 3.8\r
},\r
"status": "HEALTHY",\r
"recommendations": []\r
}\r
}\r
```\r
\r
#### `dependency-audit` 参数\r
\r
```json\r
{\r
"skill-name": "string (required)"\r
}\r
```\r
\r
**返回值示例**:\r
```json\r
{\r
"status": "success",\r
"result": {\r
"dependencies": [\r
{"name": "requests", "version": "2.28.0", "latest": "2.32.0"}\r
],\r
"cves": [\r
{"id": "CVE-2024-XXXX", "severity": "critical", "fix": "upgrade to 2.32.0+"}\r
]\r
}\r
}\r
```\r
\r
**隔离决策verify**:\r
```python\r
# 伪代码\r
authorized = params["caller"] in {"CISO-001", "CTO-001"}\r
has_reason = len(params["reason"]) > 10\r
if not authorized:\r
raise PermissionError("Only CISO-001 or CTO-001 can trigger emergency isolate")\r
if not has_reason:\r
raise ValueError("Emergency isolate requires documented reason")\r
```\r
\r
### 返回值 Schema\r
\r
```json\r
{\r
"status": "success | error | pending | isolated",\r
"task": "\x3Ctask-type>",\r
"result": { ... },\r
"meta": {\r
"reviewer": "\x3Cagent-id>",\r
"duration-ms": "\x3Celapsed>",\r
"cve-resolved": "\x3CCVE-ID if security-patch>",\r
"sla-status": "WITHIN_SLA | BREACHING | RESOLVED"\r
}\r
}\r
```\r
\r
### 错误码\r
\r
| Code | Meaning | Action |\r
|------|---------|--------|\r
| `E_SKILL_NOT_FOUND` | Skill 不存在 | 返回可用版本列表 |\r
| `E_UNAUTH_PATCH` | 未authorizesecurity补丁 | reject,notify CISO |\r
| `E_CVE_SLA_BREACH` | CVE SLA 即将/已违约 | 上报 CTO + CISO |\r
| `E_ISOLATE_CONFLICT` | 已在隔离状态 | 返回当前状态 |\r
| `E_DEPENDENCY_CVE` | 依赖含已知 CVE | 返回 CVE 详情和修复建议 |\r
| `E_VERSION_CONFLICT` | 版本号冲突 | 返回正确版本号建议 |\r
\r
### Agent 间调用示例\r
\r
```markdown\r
# CTO-001 请求诊断\r
sessions_send(sessionKey="cto-isolated", message="\r
skill: ai-skill-maintainer\r
task: diagnose\r
params:\r
skill-name: pdf-processor\r
issue: User reports skill crashes when processing large files\r
caller: CTO-001\r
priority: P2\r
isolated: true\r
")\r
\r
# CISO-001 请求 CVE 紧急修复\r
sessions_send(sessionKey="ciso-isolated", message="\r
skill: ai-skill-maintainer\r
task: security-patch\r
params:\r
skill-name: pdf-processor\r
cve-id: CVE-2026-12345\r
cvss-score: 9.1\r
authorization: CISO-001\r
caller: CISO-001\r
changes:\r
description: Fixed command injection via path parameter\r
files: [scripts/process.py]\r
test-results: All regression tests pass\r
emergency: true\r
")\r
\r
# CQO-001 请求健康检查\r
sessions_send(sessionKey="cqo-isolated", message="\r
skill: ai-skill-maintainer\r
task: health-check\r
params:\r
skill-name: pdf-processor\r
")\r
```\r
\r
### securityConstraint(接口层)\r
\r
```\r
🚨 接口security红线:\r
• skill-name 参数仅接受 [a-z0-9-] 字符,reject斜杠/点号(防止path注入)\r
• authorization 字段仅接受 CISO-001 签名的security任务\r
• emergency-isolate 仅接受 CISO-001 或 CTO-001 authorize\r
• 隔离execute:所有 agent 调用必须在 isolated 会话中运行\r
• CVE respond:CVSS ≥ 9.0 必须 15 分钟内respond,否则 SLA 违约alert\r
• 日志脱敏:返回结果不得含 caller 私人data\r
```\r
\r
### 与其他 Skill 的接口关系\r
\r
| 调用方 | Task | trigger条件 |\r
|--------|------|---------|\r
| **CTO-001** | `diagnose`, `patch`, `emergency-isolate` | 版本manage/紧急respond |\r
| **CISO-001** | `security-patch`, `emergency-isolate`, `dependency-audit` | CVE handle/security incident |\r
| **CQO-001** | `health-check`, `diagnose` | 质量monitor |\r
| **ai-skill-creator** | `patch` (子 Skill) | 创作process中discover bug |\r
| **ai-skill-optimizer** | `dependency-audit` | optimize前基线检查 |\r
\r
---\r
\r
## 维护场景分类\r
\r
| 场景 | trigger关键词 | 版本upgrade | securityreview |\r
|------|-----------|---------|---------|\r
| Bug 修复 | "修复 bug"、"修复错误" | PATCH | 正常 |\r
| Function增强 | "增强Function"、"新增Function" | MINOR | 正常 |\r
| 不兼容变更 | "Breaking Change"、"重构" | MAJOR | 正常 |\r
| 依赖security补丁 | "security补丁"、"CVE 修复" | PATCH | 🚨 紧急通道 |\r
| 废弃notify | "废弃Skill"、"停用" | PATCH | 正常 |\r
\r
---\r
\r
## standard维护process(5步)\r
\r
### Step 1 — 诊断(Diagnosis)\r
\r
**输入**:用户描述的问题或需求\r
\r
**诊断清单**:\r
\r
```markdown\r
## 诊断record\r
\r
Skill 名称:\x3Cname>\r
当前版本:\x3Cversion>\r
问题类型:[Bug / Function缺失 / security漏洞 / 依赖过时 / 其他]\r
\r
### 问题描述\r
\x3C用户描述>\r
\r
### 复现step(如适用)\r
1.\r
2.\r
3.\r
\r
### 影响范围\r
- 影响的Function:\r
- 影响的用户/Agent:\r
\r
### 初步判断\r
- 根因:\r
- 修复plan:\r
- 版本影响:[PATCH / MINOR / MAJOR]\r
```\r
\r
**CISO security场景判断**:\r
\r
| 判断条件 | 结论 | process |\r
|---------|------|------|\r
| 涉及 CVE/漏洞 | 🚨 security紧急 | 跳至security补丁process |\r
| 涉及凭证泄露 | 🚨 security紧急 | 立即notify + 紧急修复 |\r
| 涉及 PII 泄露 | 🚨 security紧急 | 立即notify + 紧急修复 |\r
| 其他 | ✅ 正常维护 | 继续standardprocess |\r
\r
---\r
\r
### Step 2 — analyze(Analysis)\r
\r
**输出**:[references/maintenance-log.md](references/maintenance-log.md) record\r
\r
#### 2.1 变更范围analyze\r
\r
```markdown\r
### 受影响文件\r
| 文件 | 变更类型 | riskassess |\r
|------|---------|---------|\r
| SKILL.md | [修改/新增/删除] | 🟢 低 |\r
| scripts/*.py | ... | ... |\r
\r
### 兼容性影响\r
- 向后兼容:✅ / ❌\r
- trigger关键词变更:✅ / ❌(如有变更需notify用户)\r
- 工具permission变更:✅ / ❌\r
\r
### 测试计划\r
- [ ] 本地测试用例:\r
- [ ] 回归测试:\r
```\r
\r
#### 2.2 security影响analyze(CTO + CISO)\r
\r
| analyze维度 | 检查项 | 结论 |\r
|---------|--------|------|\r
| **Function影响** | 修改是否改变核心Function? | |\r
| **permission影响** | permission是否变更? | |\r
| **依赖影响** | 依赖是否新增/upgrade/删除? | |\r
| **data影响** | 是否影响datahandle? | |\r
| **security影响** | 变更是否影响security边界? | |\r
\r
---\r
\r
### Step 3 — implement(Implementation)\r
\r
#### 3.1 版本号update\r
\r
```bash\r
# 根据变更类型确定版本\r
# Bug 修复 → vX.Y.Z → vX.Y.(Z+1)\r
# Function增强 → vX.Y.Z → vX.(Y+1).0\r
# Breaking Change → vX.Y.Z → (X+1).0.0\r
# security补丁 → vX.Y.Z → vX.Y.(Z+1) (强制)\r
```\r
\r
#### 3.2 SKILL.md update\r
\r
**update Frontmatter 版本**:\r
```yaml\r
---\r
name: \x3Cskill-name>\r
version: X.Y.Z # ← update版本号\r
description: | # ← 如有变更同步update\r
...\r
---\r
```\r
\r
**update版本历史**(在文件顶部或底部):\r
```markdown\r
## 版本历史\r
\r
| 版本 | 日期 | Changes |\r
|------|------|---------|\r
| X.Y.Z | YYYY-MM-DD | \x3C变更摘要> |\r
| ... | ... | ... |\r
```\r
\r
#### 3.3 scripts/ update\r
\r
**update检查清单**:\r
```markdown\r
- [ ] 脚本已update\r
- [ ] 脚本版本号已update(如有版本mechanism)\r
- [ ] 依赖已update(如有)\r
- [ ] 新增依赖已record\r
- [ ] 脚本测试已通过\r
```\r
\r
---\r
\r
### Step 4 — securityreview(Security Review)\r
\r
> ⚠️ **强制门禁**:所有变更必须通过 CISO securityreview\r
\r
#### 4.1 变更 diff review\r
\r
**reviewChanges**(对比上1版本):\r
- 新增的代码是否含 RED FLAGS?\r
- 修改的代码是否引入新漏洞?\r
- 删除的代码是否影响security边界?\r
\r
#### 4.2 依赖review\r
\r
**检查依赖变更**:\r
```bash\r
# 列出新增/upgrade的依赖\r
# 检查 CVE\r
```\r
\r
**CVE respond SLA**:\r
\r
| CVSS | 严重性 | 修复 SLA |\r
|------|--------|---------|\r
| 9.0-10.0 | Critical | 24小时 |\r
| 7.0-8.9 | High | 7天 |\r
| 4.0-6.9 | Medium | 30天 |\r
| 0.1-3.9 | Low | 下个版本 |\r
\r
#### 4.3 security补丁紧急通道\r
\r
**trigger条件**:discover Critical/High CVE\r
\r
```\r
🚀 紧急通道process:\r
\r
1. 立即隔离:停止问题版本分发\r
2. assess影响:确定受影响的 Skill 和版本\r
3. 紧急修复:最短path修复漏洞\r
4. 快速review:CISO 紧急review(可跳过部分正常process)\r
5. 紧急publish:Patch 版本,立即publish\r
6. 用户notify:notify所有受影响用户\r
```\r
\r
---\r
\r
### Step 5 — verify与publish(Verify & Publish)\r
\r
#### 5.1 verify清单\r
\r
```markdown\r
## publish前verify\r
\r
- [ ] Changes与诊断1致\r
- [ ] 版本号符合变更类型\r
- [ ] securityreview通过\r
- [ ] 脚本测试通过\r
- [ ] changelog 已update\r
- [ ] SKILL.md 已同步update\r
```\r
\r
#### 5.2 publish命令\r
\r
```bash\r
# 打包\r
clawhub package ./\x3Cskill-name> --output ./dist\r
\r
# publish\r
clawhub publish ./\x3Cskill-name> \\r
--slug \x3Cskill-name> \\r
--name "\x3CSkill Name>" \\r
--version X.Y.Z \\r
--changelog "\x3C变更摘要>"\r
```\r
\r
#### 5.3 notify(如有必要)\r
\r
```markdown\r
## 用户notify\r
\r
如有 Breaking Change 或重要security修复:\r
- notify方式:在 Skill 描述中注明\r
- notify内容:\r
• 变更摘要\r
• upgrade建议\r
• 兼容性问题(如有)\r
```\r
\r
---\r
\r
## 版本历史(Changelog)\r
\r
| 版本 | 日期 | Changes | 审核人 |\r
|------|------|---------|--------|\r
| **1.1.0** | 2026-04-13 | 新增 Agent 调用接口层(Inter-Agent Interface):7个 Task 类型(diagnose/patch/security-patch/deprecate/emergency-isolate/health-check/dependency-audit);CVE 紧急通道 SLA system;emergency-isolate authorizeverify;与 ai-skill-creator / ai-skill-optimizer 接口关系Definition | CTO-001 / CISO-001 |\r
| **1.0.0** | 2026-04-11 | Initial version:CTO 版本govern5步维护process + CISO security运营standard(漏洞respond SLA + 补丁manage)+ 废弃manageprocess | CTO-001 / CISO-001 |\r
\r
## rollbackstrategy(Rollback)\r
\r
> 如维护操作失败,execute以下steprecover:\r
\r
```bash\r
# recover到上1个可用版本\r
git checkout tags/v\x3C上1版本> -- SKILL.md scripts/ references/\r
\r
# verifyrollback成功\r
git log --oneline -3\r
```\r
\r
**rollbacktrigger条件**:\r
- `emergency-isolate` 后:满足 CVE 已修复 + CISO-001 复审通过 + CQO-001 验收通过后方可解除隔离\r
- `patch` 失败:rollback到隔离前版本,notify CTO-001\r
- `deprecate` 误操作:recover `deprecated: false`,notify CRO-001\r
\r
---\r
\r
## 废弃(Deprecation)manage\r
\r
### 废弃process\r
\r
```\r
废弃notify(vX.Y.Z)→ 过渡期(建议 30天)→ 正式废弃(vX.Y.Z+1)\r
```\r
\r
### 废弃 SKILL.md 模板\r
\r
```markdown\r
---\r
name: \x3Cdeprecated-skill>\r
version: X.Y.Z\r
description: |\r
⚠️ 【已废弃】此 Skill 已废弃,建议使用 `\x3Cnew-skill>`。\r
废弃日期:YYYY-MM-DD\r
最后支持日期:YYYY-MM-DD\r
迁移指南:见 references/migration.md\r
deprecated: true\r
replacement: \x3Cnew-skill-name>\r
metadata:\r
{"openclaw":{"emoji":"⚠️","os":["linux","darwin","win32"]}}\r
---\r
\r
# ⚠️ 已废弃:\x3CSkill Name>\r
\r
## 废弃notify\r
\r
此 Skill 已于 **YYYY-MM-DD** 正式废弃。\r
\r
### 为什么废弃?\r
\x3C原因>\r
\r
### 替代plan\r
请使用 **\x3Cnew-skill-name>**:\r
- 链接:clawhub install \x3Cnew-skill>\r
\r
### 时间线\r
- 废弃notify:YYYY-MM-DD(vX.Y.Z)\r
- 最后支持:YYYY-MM-DD(vX.Y.Z+1)\r
- 完全移除:待定\r
\r
### 迁移指南\r
详见 [references/migration.md](references/migration.md)\r
```\r
\r
---\r
\r
## 维护record\r
\r
### record模板(save至 `references/maintenance-log.md`)\r
\r
```markdown\r
# Skill 维护record\r
\r
## Skill 信息\r
- 名称:\x3Cname>\r
- 当前版本:\x3Cversion>\r
- 维护者:\x3Cmaintainer>\r
\r
## 维护历史\r
\r
### 维护 #N — YYYY-MM-DD\r
\r
**类型**:[Bug修复/Function增强/security补丁/废弃/其他]\r
**版本**:\x3Cold> → \x3Cnew>\r
**变更摘要**:\x3Csummary>\r
\r
#### 变更详情\r
\x3Cdetailed changes>\r
\r
#### securityreview\r
- CVSS:\x3Cscore>\r
- 结论:[通过/reject/条件通过]\r
\r
#### 测试结果\r
- [ ] 测试通过\r
\r
#### publish信息\r
- publish日期:YYYY-MM-DD\r
- ClawHub 版本:\x3Cversion>\r
```\r
\r
---\r
\r
## 快速参考\r
\r
### trigger命令\r
\r
| 用户请求 | execute动作 |\r
|---------|---------|\r
| "修复 Skill XX 的 bug" | 诊断 → analyze → implement → securityreview → publish |\r
| "为 Skill XX 增加 XX Function" | 需求confirm → analyze → implement → securityreview → publish |\r
| "upgrade Skill XX 的依赖" | 依赖检查 → 兼容性analyze → update → securityreview → publish |\r
| "discover Skill XX 有security漏洞" | 🚨 紧急通道 → 立即隔离 → 紧急修复 → 紧急publish |\r
| "废弃 Skill XX" | 废弃assess → notify用户 → publish废弃版本 → 保留迁移指南 |\r
\r
### 常见错误\r
\r
1. **版本号错误**:Bug 修复用 MAJOR upgrade → 应为 PATCH\r
2. **跳过securityreview**:紧急修复未做securityreview → 必须补审\r
3. **不update changelog**:变更未record → 版本历史不完整\r
4. **Breaking Change 未notify**:未inform用户 → 用户upgrade后Function损坏\r
5. **废弃 Skill 未提供替代**:用户无法迁移 → 影响用户体验\r
\r
---\r
\r
## 版本历史(Changelog)\r
\r
| 版本 | 日期 | Changes | 审核人 |\r
|------|------|---------|--------|\r
| **1.1.0** | 2026-04-13 | 新增 Agent 调用接口层(Inter-Agent Interface):7个 Task 类型(diagnose/patch/security-patch/deprecate/emergency-isolate/health-check/dependency-audit);CVE 紧急通道 SLA system;emergency-isolate authorizeverify;与 ai-skill-creator / ai-skill-optimizer 接口关系Definition | CTO-001 / CISO-001 |\r
| **1.0.0** | 2026-04-11 | Initial version:CTO 版本govern5步维护process + CISO security运营standard(漏洞respond SLA + 补丁manage)+ 废弃manageprocess | CTO-001 / CISO-001 |\r
\r
## rollbackstrategy(Rollback)\r
\r
> 如维护操作失败,execute以下steprecover:\r
\r
```bash\r
# recover到上1个可用版本\r
git checkout tags/v\x3C上1版本> -- SKILL.md scripts/ references/\r
\r
# verifyrollback成功\r
git log --oneline -3\r
```\r
\r
**rollbacktrigger条件**:\r
- `emergency-isolate` 后:满足 CVE 已修复 + CISO-001 复审通过 + CQO-001 验收通过后方可解除隔离\r
- `patch` 失败:rollback到隔离前版本,notify CTO-001\r
- `deprecate` 误操作:recover `deprecated: false`,notify CRO-001\r
\r
**解除 emergency-isolate 条件**:\r
1. CVE 已修复(CVSS \x3C 7.0)\r
2. CISO-001 security复审通过\r
3. CQO-001 质量验收通过\r
4. CTO-001 书面authorize解除隔离\r
安全使用建议
This document is coherent for a skill-maintainer workflow, but it relies on the host platform to enforce isolation and caller identity. Before installing or invoking it, confirm that: 1) the platform enforces caller authentication/authorization (CISO-001/CTO-001 cannot be spoofed), 2) actions that modify skill files require audited, authenticated sessions, 3) emergency-isolate and security-patch are gated by multi-party authorization or at least immutable audit logs, and 4) session isolation (sessions_send/sessions_spawn) is actually supported. If those platform controls are not present, treat the workflow as risky because it permits automated file modifications and emergency isolation based on simple string fields.
功能分析
Type: OpenClaw Skill
Name: ai-skill-maintainer
Version: 1.1.0-en2
The ai-skill-maintainer skill is a high-privilege administrative tool designed to manage, patch, and publish other AI skills. It possesses risky capabilities including shell execution for packaging/publishing (clawhub) and version control (git) as seen in SKILL.md. While the instructions include security-conscious features like path injection prevention and CVE response SLAs, the skill's reliance on prompt-based authorization checks (e.g., verifying 'CISO-001' or 'CTO-001' identities) for sensitive tasks like 'emergency-isolate' and 'security-patch' represents a significant attack surface for prompt injection. No evidence of intentional malice or data exfiltration was found, but the broad permissions required for its stated purpose warrant a suspicious classification.
能力评估
Purpose & Capability
The name/description describe a skill-maintainer workflow and the SKILL.md contains interfaces and task types (diagnose, patch, security-patch, deprecate, isolate, dependency-audit) that align with that purpose. Declared permissions (read/write skills directory, L3) and the tasks that modify skill files are appropriate for a maintainer role.
Instruction Scope
Instructions specify task schemas, an isolated calling model, and simple pseudo-code for authorization. They reference modifying skill files and reading dependency lists (dependencies[], cves[]) which are expected for this workflow. However, the document assumes platform-level enforcement of caller identity/authorization and isolation (e.g., sessions_send/sessions_spawn, L3 permissions) but does not provide strong cryptographic or unforgeable authorization mechanisms — authorization fields are simple strings (CISO-001/CTO-001) and could be spoofed if the platform does not enforce them. This is a design caveat, not an incoherence with stated purpose.
Install Mechanism
No install spec or code files — instruction-only skill. This is lowest-risk from an install perspective and consistent with being a governance/workflow document.
Credentials
No required environment variables, binaries, or config paths are listed. The only implied resource is the ability to read/write the skills directory (L3 permission), which is proportionate to a maintainer workflow.
Persistence & Privilege
always is false and the skill is user-invocable (defaults). The skill's tasks include operations that can change skill files and isolate skills; this is expected for a maintainer. Because the SKILL.md expects emergency isolation and high-priority actions, verify the platform enforces strict audit logging and that only authorized principals can trigger emergency-isolate or security-patch tasks.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ai-skill-maintainer - 安装完成后,直接呼叫该 Skill 的名称或使用
/ai-skill-maintainer触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0-en2
Full body English translation
v1.1.0-en
English version
v1.1.0
v1.1.0: 新增Agent调用接口层,7个TASK类型,CVE紧急通道SLA,emergency-isolate授权验证,health-check健康阈值,changelog和回滚策略
元数据
常见问题
AI Skill Maintainer (EN) 是什么?
AI公司 Skill 维护工作流(CTO 版本govern + CISO security运营standard版)。当需要对已publish的 Skill 进行版本update、bug修复、Function增强、依赖upgrade、security补丁、废弃(deprecation)manage时trigger。... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 126 次。
如何安装 AI Skill Maintainer (EN)?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ai-skill-maintainer」即可一键安装,无需额外配置。
AI Skill Maintainer (EN) 是免费的吗?
是的,AI Skill Maintainer (EN) 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
AI Skill Maintainer (EN) 支持哪些平台?
AI Skill Maintainer (EN) 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(linux, darwin, win32)。
谁开发了 AI Skill Maintainer (EN)?
由 JohnSmithfan(@johnsmithfan)开发并维护,当前版本 v1.1.0-en2。
推荐 Skills