johnsmithfan

AI Skill Optimizer (EN)

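Author: JohnSmithfan · GitHub ↗ · v1.1.0-en2 · MIT-0
linux · darwin · win32 ⚠ suspicious
Total downloads: 134
Favorites: 0
Current installs: 0
Versions: 3
Install in OpenClaw
/install ai-skill-optimizer
Description
AI Company skill optimization workflow (CTO performance engineering + CISO security optimization standard edition). Triggered when an existing skill needs performance optimization, token savings, context trimming, security hardening, code refactoring, or quality improvement. Trigger keywords: optim...
Usage (SKILL.md)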

# AI Skill Optimization Workflow (CTO × CISO Standard)

> **Execution role**: Skill optimizer (CTO performance engineering + CISO security hardening)
> **Version**: v1.0.0 (CTO-001 performance optimization × CISO-001 security hardening)
> **Compliance status**: ✅ an impact analysis is required before any optimization; 🚨 security hardening takes priority over performance optimization

---

## Core principles

1. Security first: security hardening takes priority over performance optimization; security must never be traded for performance
2. Quantifiable: every optimization must show a clear metric improvement (token savings, lower latency, etc.)
3. No regression: functionality after optimization must be exactly the same as before
4. Incremental: each optimization focuses on one dimension, so problems are easy to locate

---

## Agent invocation interface (Inter-Agent Interface)

> **Version**: v1.1.0 (adds the interface layer)
> **Security constraint**: the interface itself adds zero new attack surface; all input parameters are validated

---

### Interface identity

| Attribute | Value |
|------|-----|
| Interface ID | skill-optimizer-v1 |
| Invocation | sessions_send / sessions_spawn (isolated) |
| Session target | isolated (enforced isolation) |
| Minimum permission | L3 (read skills/, write optimization results) |
| CISO constraint | 🚨 Security hardening tasks (security-harden) require CISO-001 authorization |

---

### TASK message format

```json
{
  "skill": "ai-skill-optimizer",
  "version": "1.1.0",
  "task": "<task-type>",
  "params": { ... },
  "context": {
    "caller": "<caller-agent-id>",
    "priority": "<P0|P1|P2|P3>",
    "optimization-dimension": "<token|performance|security|quality|full>",
    "isolated": true
  }
}
```

### Available task types

| Task | Parameters | Returns | Description |
|------|------|------|------|
| `baseline` | `skill-name`, `caller` | `{tokens, p95-latency, cvss, red-flags}` | Pre-optimization baseline measurement |
| `token-optimize` | `skill-name`, `target-savings`, `caller` | `{before, after, savings-pct}` | Token optimization |
| `performance-optimize` | `skill-name`, `target-latency`, `caller` | `{before, after, p95-ms}` | Performance optimization |
| `security-harden` | `skill-name`, `authorization`, `caller` | `{cvss-before, cvss-after, improvements[]}` | 🚨 Security hardening |
| `quality-improve` | `skill-name`, `target-quality`, `caller` | `{quality-before, quality-after, changes[]}` | Quality improvement |
| `full-optimize` | `skill-name`, `dimensions[]`, `caller` | `{all-metrics}` | Full-dimension optimization |
| `compare` | `skill-name` | `{baseline, current, delta}` | Before/after comparison report |

> **Allowed `dimensions[]` values**: `"token"` \| `"performance"` \| `"security"` \| `"quality"` (default: all)

### Task parameter schema

#### `baseline` parameters

```json
{
  "skill-name": "string (required, skill slug)",
  "caller":     "string (required, agent ID)"
}
```

**Example response**:
```json
{
  "status": "success",
  "result": {
    "skill-name": "pdf-processor",
    "version":    "1.0.0",
    "tokens":     {
      "skill-md":   4200,
      "references": 1850,
      "scripts":    320,
      "total":      6370
    },
    "performance": {
      "p95-latency-ms": 850,
      "avg-latency-ms": 420
    },
    "security": {
      "cvss-score":  5.3,
      "red-flags":   0,
      "stride-passes": 6
    },
    "quality": {
      "quality-gate-score": 7,
      "gates-passed": 5,
      "gates-failed": 2
    }
  }
}
```

#### `security-harden` parameters

```json
{
  "skill-name":    "string (required)",
  "authorization": "string (required, must be CISO-001)",
  "hardening-target": "critical | high | medium (default: high)",
  "caller":        "string (required)"
}
```

**Input validation**:
```python
# Validate security-harden parameters before the task runs
def validate_security_harden(params: dict) -> None:
    name = params["skill-name"]
    # Reject path traversal sequences and path separators in the skill name
    if ".." in name or "/" in name:
        raise ValueError("Invalid skill-name: path traversal detected")
    # The authorization parameter must carry the CISO-001 value
    if params["authorization"] != "CISO-001":
        raise PermissionError("security-harden requires CISO-001 authorization")
```

### Return value schema

```json
{
  "status":   "success | error | pending | no-improvement-needed",
  "task":     "<task-type>",
  "result": {
    "skill-name":  "<name>",
    "version-before": "<version>",
    "version-after":  "<version>",
    "improvements":   [ ... ],
    "metrics": { ... }
  },
  "meta": {
    "reviewer":    "<agent-id>",
    "duration-ms": "<elapsed>",
    "savings": {
      "tokens":  "<N tokens saved>",
      "latency": "<N ms saved>",
      "cvss":    "<before → after>"
    }
  }
}
```

### Error codes

| Code | Meaning | Action |
|------|---------|--------|
| `E_SKILL_NOT_FOUND` | Skill does not exist | Return an error |
| `E_NO_IMPROVEMENT` | Optimization gain < 5% | Return the current metrics; stop the ineffective optimization |
| `E_REGRESSION` | Optimization caused a functional regression | Roll back automatically; report the regression |
| `E_UNAUTH_HARDEN` | Unauthorized security hardening | Reject; notify CISO |
| `E_SECURITY_REGRESSION` | CVSS worsened after hardening | Reject; trigger rollback |
| `E_NO_BASELINE` | No baseline data | Run baseline first, then optimize |

### Inter-agent invocation examples

```markdown
# CTO-001 requests a full-dimension optimization
sessions_send(sessionKey="cto-isolated", message="
skill: ai-skill-optimizer
task: full-optimize
params:
  skill-name: pdf-processor
  dimensions: [token, performance]
  caller: CTO-001
context:
  priority: P1
  optimization-dimension: full
  isolated: true
")

# CISO-001 requests security hardening
sessions_send(sessionKey="ciso-isolated", message="
skill: ai-skill-optimizer
task: security-harden
params:
  skill-name: pdf-processor
  authorization: CISO-001
  hardening-target: critical
  caller: CISO-001
")

# CQO-001 requests a quality improvement
sessions_send(sessionKey="cqo-isolated", message="
skill: ai-skill-optimizer
task: quality-improve
params:
  skill-name: pdf-processor
  target-quality: 9
  caller: CQO-001
")

# CQO-001 requests a baseline measurement (before optimization)
sessions_send(sessionKey="cqo-isolated", message="
skill: ai-skill-optimizer
task: baseline
params:
  skill-name: pdf-processor
  caller: CQO-001
")
```

### Security constraints (interface layer)

```
🚨 Interface security red lines:
• skill-name accepts only [a-z0-9-] characters; reject `..` and `/` (prevents path traversal injection)
• security-harden requires CISO-001 authorization; other agents cannot bypass it
• Security regression prohibited: CVSS after hardening must be ≤ CVSS before hardening
• Isolated execution: all agent calls must run in an isolated session
• Minimal response: results contain only metric deltas and do not expose internal code
• Regression protection: regression tests run automatically after optimization; delivery is rejected on failure
```

### Interface relationships with other skills

| Caller | Task | Trigger condition |
|--------|------|---------|
| **CTO-001** | `full-optimize`, `token-optimize`, `performance-optimize` | Quarterly optimization / user complaints |
| **CISO-001** | `security-harden` | A security assessment finds a risk |
| **CQO-001** | `baseline`, `quality-improve`, `compare` | Quality assessment / optimization verification |
| **ai-skill-maintainer** | `security-harden` | Post-patch security re-verification |
| **ai-skill-creator** | `baseline` | Initial baseline for a newly created skill |

---

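## Optimization dimensions

| Dimension | Goal | Metric | Priority |
|------|------|------|--------|
| **Token optimization** | Reduce the SKILL.md context footprint | Token count ↓ | P1 |
| **Performance optimization** | Lower execution latency | P95 latency ↓ | P2 |
| **Code optimization** | Improve script execution efficiency | Throughput ↑ | P2 |
| **Security hardening** | Shrink the attack surface | Security score ↑ | P0 (mandatory) |
| **Maintainability** | Improve code quality | Score ↑ | P3 |

> **Priority rule**: P0 (security) is executed unconditionally, P1 (token) affects cost, P2 (performance) affects user experience, P3 (maintainability) is long-term value

---
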
## Four-step optimization process

### Step 1 — Baseline measurement

**Output**: baseline values of each metric before optimization

#### 1.1 Token analysis

```bash
# Estimate the SKILL.md token count (estimate: 1 token ≈ 4 characters)
wc -c SKILL.md  # byte count
grep -c "^" SKILL.md  # line count

# Total byte count under references/ (divide by 4 for the token estimate)
cat references/*.md | wc -c
```

**Token budget targets** (CTO recommendation):

| File type | Target limit | Description |
|---------|---------|------|
| SKILL.md | < 5,000 tokens | Main trigger file |
| Single reference file | < 2,000 tokens | references/ |
| Script comments | < 500 tokens | Keep comments concise |

#### 1.2 Performance baseline

```markdown
## Performance baseline record

Skill: <name>
Test date: <ISO date>
Environment: <test environment description>

### Execution time
- Average latency: <X>ms
- P95 latency: <X>ms
- P99 latency: <X>ms

### Resource usage
- Peak memory: <X>MB
- CPU utilization: <X>%

### Security baseline
- RED FLAGS: <count>
- CVSS score: <score>
- Attack surface assessment: <description>
```

#### 1.3 Security baseline

**Run the CISO security review (full Phase 4)**:
- STRIDE threat modeling
- CVSS vulnerability scoring
- Permission scope assessment

---

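### Step 2 — Optimization analysis

#### 2.1 Token optimization analysis

| Optimization strategy | Expected savings | Applicable scenario |
|---------|---------|---------|
| **Progressive disclosure** | 20-40% | Detailed documentation > 100 lines |
| **Code externalization** | 30-50% | Repeated code blocks |
| **Reference externalization** | 40-60% | API documentation / schemas |
| **Concise descriptions** | 10-20% | Verbose description |

**Token optimization checklist**:
```markdown
- [ ] Is SKILL.md longer than 500 lines? → Split into references/
- [ ] Are there duplicate code examples? → Merge / externalize
- [ ] Are there verbose explanations? → Condense into key points
- [ ] Are there unnecessary examples? → Delete
- [ ] Is the frontmatter overly complex? → Trim the metadata
```

#### 2.2 Performance optimization analysis

| Bottleneck type | How to identify | Optimization plan |
|---------|---------|---------|
| **I/O bottleneck** | Waiting on files / network | Batch operations, caching |
| **CPU bottleneck** | Compute-intensive work | Algorithm optimization, parallelization |
| **Memory bottleneck** | Large-file handling | Streaming, chunking |
| **Startup bottleneck** | Slow script loading | Lazy loading, on-demand imports |

**Performance optimization checklist**:
```markdown
- [ ] Does the script have unnecessary imports? → Import on demand
- [ ] Are there repeated file reads/writes? → Batch operations
- [ ] Are regular expressions inefficient? → Precompile / non-greedy
- [ ] Are there blocking operations? → Make them asynchronous
- [ ] Is error handling overly complex? → Simplify the logic
```

#### 2.3 Security hardening analysis

**Attack surface assessment matrix**:

| Dimension | Before | After | Improvement |
|------|--------|--------|------|
| File permissions | Loose | Strict | ⬆️ |
| Network calls | Many | Few | ⬆️ |
| Dependency count | Many | Few | ⬆️ |
| Hard-coded values | Many | Few | ⬆️ |
| Error messages | Detailed | Generic | ⬆️ |

**Security hardening priorities**:

| Priority | Hardening item | Expected effect |
|--------|--------|---------|
| P0 | Remove hard-coded secrets | Eliminates a high-severity vulnerability |
| P0 | Tighten file permissions | Prevents unauthorized access |
| P0 | Reduce dependencies | Shrinks the attack surface |
| P1 | Generalize error messages | Prevents information disclosure |
| P1 | Strengthen input validation | Prevents injection attacks |
| P2 | Add timeout protection | Prevents DoS |
| P2 | Log redaction | Prevents PII leakage |

---
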
### Step 3 — Implementation

> **⚠️ Important**: before implementing any optimization, measure the baseline (Step 1) in an isolated session and keep a baseline snapshot.

#### 3.1 Token optimization implementation

**Strategy A: progressive-disclosure refactor** → [see references/optimization-patterns.md — Pattern A](../references/optimization-patterns.md#1-模式a渐进式披露重构)
- Move detailed documentation longer than 50 lines out to `references/`
- The main SKILL.md keeps only a summary and links
- Expected savings: 20-40%

**Strategy B: code externalization** → [see references/optimization-patterns.md — Pattern B](../references/optimization-patterns.md#1-模式b代码外置)
- Move code blocks longer than 20 lines out to `scripts/` or `references/`
- The main file keeps only the invocation command and a description
- Expected savings: 30-50%

**Token optimization checklist**:
```markdown
- [ ] Is SKILL.md longer than 500 lines? → Split into references/
- [ ] Are there duplicate code examples? → Merge / externalize
- [ ] Are there verbose explanations? → Condense into key points
- [ ] Are there unnecessary examples? → Delete
- [ ] Is the frontmatter overly complex? → Trim the metadata
```

#### 3.2 Performance optimization implementation

**Strategy A: lazy loading** → [see references/optimization-patterns.md — Pattern C](../references/optimization-patterns.md#2-模式c懒加载)
- Import on demand; avoid loading every module at startup

**Strategy B: cache results** → [see references/optimization-patterns.md — Pattern D](../references/optimization-patterns.md#2-模式d缓存结果)
- Cache the results of repeated computations instead of fetching them again on every call

**Strategy C: batch operations** → [see references/optimization-patterns.md — Pattern E](../references/optimization-patterns.md#2-模式e批量操作)
- Use batched reads and writes instead of one-at-a-time operations

**Performance optimization checklist**:
```markdown
- [ ] Does the script have unnecessary imports? → Import on demand
- [ ] Are there repeated file reads/writes? → Batch operations
- [ ] Are regular expressions inefficient? → Precompile / non-greedy
- [ ] Are there blocking operations? → Make them asynchronous
- [ ] Is error handling overly complex? → Simplify the logic
```

#### 3.3 Security hardening implementation

**Strategy A: remove hard-coded values** → [see references/optimization-patterns.md — Pattern F](../references/optimization-patterns.md#3-模式f移除硬编码密钥)
- Read API keys/tokens from environment variables instead

**Strategy B: strengthen input validation** → [see references/optimization-patterns.md — Pattern G](../references/optimization-patterns.md#3-模式g输入verify强化)
- Validate skill names with the regex `^[a-z][a-z0-9-]{2,64}$`
- Path traversal check: reject `..` and `/`

**Strategy C: timeout protection** → [see references/optimization-patterns.md — Pattern H](../references/optimization-patterns.md#3-模式h超时protect)
- Add operation timeout limits to prevent DoS

**Security hardening checklist**:
```markdown
- [ ] Are there hard-coded keys or tokens? → Move them to environment variables
- [ ] Do path parameters have traversal checks? → Add validation
- [ ] Are error messages generic? → Remove internal path leaks
- [ ] Do operations have timeout limits? → Add a timeout
```

#### 3.4 Regression protection (automatic)

> **🚨 Security constraint**: if regression tests fail after any optimization, the change must be rolled back automatically; a degraded version must not be delivered.

If regression tests fail after optimization, perform the following steps:

1. **Automatically roll back to the baseline version**:
   ```bash
   git checkout tags/v<baseline-version> -- SKILL.md scripts/ references/
   ```
2. **Record the regression**: write the details to `references/optimization-log.md`
3. **Notify the caller**: return `E_REGRESSION` with the delta metrics

---

### Step 4 — Verify and compare

#### 4.1 Post-optimization measurement

```markdown
## Post-optimization metrics

### Token savings
- Before: <X> tokens
- After: <Y> tokens
- Savings: <Z>% ✅

### Performance improvement
- P95 latency:
  - Before: <X>ms
  - After: <Y>ms
  - Improvement: <Z>% ✅

### Security hardening
- CVSS score:
  - Before: <X.Y>
  - After: <Y.Z>
  - Improvement: ✅
- RED FLAGS:
  - Before: <count>
  - After: <count>
```

#### 4.2 Functional regression tests

```markdown
## Regression tests

- [ ] All existing functionality still works
- [ ] Trigger keywords still work
- [ ] Error handling is the same as before optimization
- [ ] Output format is the same as before optimization
```

#### 4.3 Security verification

> ⚠️ **A re-review is mandatory after security hardening**

- [ ] CISO security review passed (CVSS < 7.0)
- [ ] STRIDE threat modeling shows no new risks
- [ ] Permission scope is minimized
- [ ] No newly introduced dependencies

#### 4.4 Publish

```bash
# Package
clawhub package ./<skill-name> --output ./dist

# Publish
clawhub publish ./<skill-name> \
  --slug <skill-name> \
  --name "<Skill Name>" \
  --version X.Y.Z \
  --changelog "optimize:Token 节省 X%,P95 latency降低 Y%,security加固"
```

---

## Optimization record template

**Save to `references/optimization-log.md`**:

```markdown
# Skill optimization record

## Skill information
- Name: <name>
- Version before optimization: <version>
- Version after optimization: <version>
- Optimization date: <ISO date>

## Optimization summary

### Token optimization
- Before: <X> tokens
- After: <Y> tokens
- Savings: <Z>%

### Performance optimization
| Metric | Before | After | Improvement |
|------|--------|--------|------|
| P95 latency | Xms | Yms | Z% |

### Security hardening
- CVSS improvement: <X.Y> → <Y.Z>
- Main hardening items:
  - <item 1>
  - <item 2>

## Detailed changes

### Change #1: <title>
**Type**: [Token/Performance/Security/Code]
**Before**: <description>
**After**: <description>
**Code**:
\`\`\`
<diff>
\`\`\`

## Verification results

| Test item | Result |
|--------|------|
| Regression tests | ✅ |
| Token measurement | ✅ |
| Performance tests | ✅ |
| Security review | ✅ |

## Publish information
- Version: <version>
- Publish date: <date>
- Changelog: <text>
```

---

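## Quick reference

### Trigger commands

| User request | Optimization dimension | Priority |
|---------|---------|--------|
| "Reduce the token footprint of Skill XX" | Token | P1 |
| "Speed up the execution of Skill XX" | Performance | P2 |
| "Harden the security of Skill XX" | Security | P0 |
| "Refactor the code of Skill XX" | Maintainability | P3 |
| "Fully optimize Skill XX" | All | P0→P1→P2→P3 |

### Common mistakes

1. **Skipping the baseline measurement**: optimizing without measuring first makes it impossible to verify the effect
2. **Letting security give way to performance**: when a security issue is found, it must be fixed first
3. **Over-optimizing**: token savings < 5% have no practical value
4. **Breaking functionality**: if functionality is abnormal after optimization, a rollback is mandatory
5. **Not recording optimizations**: without a record of past optimizations, nothing can be traced

---
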
## Version history (Changelog)

| Version | Date | Changes | Reviewer |
|------|------|---------|--------|
| **1.1.0** | 2026-04-13 | Added the agent invocation interface layer (Inter-Agent Interface): 7 task types (baseline/token-optimize/performance-optimize/security-harden/quality-improve/full-optimize/compare); PDCA quality gate system; before/after comparison report template; `E_REGRESSION` regression protection with automatic rollback; added references/optimization-patterns.md (code optimization example reference) | CTO-001 / CISO-001 |
| **1.0.0** | 2026-04-11 | Initial version: four-step optimization process (Baseline → Analysis → Implementation → Verify) + 4 optimization dimensions (token/performance/security/quality) + G0-G4 quality gates | CTO-001 / CISO-001 |

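## Rollback strategy

> If regression tests fail after optimization, perform the following steps to recover:

```bash
# Automatically roll back to the baseline version
git checkout tags/v<baseline-version> -- SKILL.md scripts/ references/

# Verify the rollback succeeded: no diff against the baseline tag, then review recent history
git diff --exit-code tags/v<baseline-version> -- SKILL.md scripts/ references/
git log --oneline -3
```

**Rollback trigger conditions**:
- Regression tests fail (E_REGRESSION)
- CVSS score worsens (security-regression)
- TSR < 85% after optimization (severe functional degradation)

**After the rollback**:
1. Record the regression details in `references/optimization-log.md`
2. Notify the caller: return `E_REGRESSION` with the delta metrics
3. Analyze the cause of the degradation, fix it, and optimize again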
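
The rollback triggers and error codes above as one decision function, an added example that is not part of the skill. `gate`, `pct_gain`, `measured` and the check order (CVSS first) are assumptions, and TSR is taken as a percentage because the page does not define it.

```python
# Field names follow the page's `baseline` response; everything else is illustrative.
def pct_gain(before, after):
    """Percentage reduction from before to after, rounded to one decimal."""
    return 0.0 if before <= 0 else round((before - after) / before * 100, 1)


def gate(baseline, current, regression_passed, tsr_pct, dimension="token"):
    """Map measurements to the page's status and error codes.

    dimension is "token" or "performance"; tsr_pct is a percentage (0-100).
    """
    if not baseline:
        return {"status": "error", "code": "E_NO_BASELINE", "rollback": False}
    cvss_before = baseline["security"]["cvss-score"]
    cvss_after = current["security"]["cvss-score"]
    delta = {
        "token": pct_gain(baseline["tokens"]["total"], current["tokens"]["total"]),
        "performance": pct_gain(baseline["performance"]["p95-latency-ms"],
                                current["performance"]["p95-latency-ms"]),
        "cvss": f"{cvss_before} -> {cvss_after}",
    }
    # Security first: a worse CVSS rejects the change whatever else improved.
    if cvss_after > cvss_before:
        return {"status": "error", "code": "E_SECURITY_REGRESSION",
                "rollback": True, "delta": delta}
    # Functional regression: failed tests, or TSR below the page's 85% threshold.
    if not regression_passed or tsr_pct < 85:
        return {"status": "error", "code": "E_REGRESSION",
                "rollback": True, "delta": delta}
    # Gain under 5%: return the metrics and stop (the page names no rollback here).
    if delta[dimension] < 5:
        return {"status": "no-improvement-needed", "code": "E_NO_IMPROVEMENT",
                "rollback": False, "delta": delta}
    return {"status": "success", "code": None, "rollback": False, "delta": delta}


# Constructed measurements; BASELINE reuses the numbers in the page's sample response.
BASELINE = {"tokens": {"total": 6370}, "performance": {"p95-latency-ms": 850},
            "security": {"cvss-score": 5.3}}


def measured(tokens, p95, cvss):
    """Build a constructed post-optimization measurement."""
    return {"tokens": {"total": tokens}, "performance": {"p95-latency-ms": p95},
            "security": {"cvss-score": cvss}}


if __name__ == "__main__":
    for cur in (measured(5200, 800, 5.3), measured(5200, 800, 6.1),
                measured(6200, 850, 5.3)):
        print(gate(BASELINE, cur, True, 97))
```
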
Safe usage advice
This skill claims to analyze and modify other skills (performance and security hardening) but does not declare the permissions, config paths, or platform APIs it needs. Before installing or enabling it in any environment, ask the publisher for: (1) explicit list of required platform permissions and config paths (where it will read/write skills); (2) the exact mechanism for 'CISO-001' authorization (is it integrated with your identity system or just a string parameter?); (3) a safety plan: staging-only operation, backups, audit logs, and automatic rollback behavior; (4) provenance or source code for the logic used to modify skills so you can review changes; and (5) tests or example runs showing non-destructive behavior. If you cannot get those, run it only in an isolated staging environment with full backups and human approval gates for any writes. Additional information that would raise confidence to 'benign': clear declared required permissions/config paths, integration with your platform's auth and audit logs, and an explicit change-review workflow enforced by the skill.
Functional analysis
Type: OpenClaw Skill Name: ai-skill-optimizer Version: 1.1.0-en2 The skill acts as a high-privilege 'Optimizer' designed to modify, measure, and publish other AI skills. It utilizes shell commands (e.g., git, wc, clawhub) and performs file system operations in SKILL.md, which are inherently risky capabilities even if aligned with the stated purpose. While it includes basic security logic like path traversal checks and simulated authorization (e.g., 'CISO-001'), the ability to rewrite code and publish artifacts creates a significant attack surface for potential privilege escalation or unauthorized modifications if the agent's input sanitization is bypassed.
Capability assessment
Purpose & Capability
Name and description match the SKILL.md intent (token/performance/security/quality optimization). However the document presumes read/write access to other skills (mentions "read skills/", "write optimization results", L3 permission) and use of platform session APIs, yet the skill declares no required config paths, env vars, or credentials. That gap is incoherent: a tool that edits other skills legitimately needs explicit permission/config requirements.
Instruction Scope
SKILL.md defines task types (baseline, token-optimize, security-harden, full-optimize) and gives session invocation examples that imply locating, analyzing, and modifying other skill artifacts. It includes input validation snippets (good) but does not specify where skill artifacts live, how writes are performed, or what audit/rollback mechanisms are enforced. The instructions therefore grant broad discretion to touch other skills without specified guardrails.
Install Mechanism
Instruction-only skill with no install steps or code files present — lowest install risk. No downloads or extraction operations are declared.
Credentials
No environment variables, credentials, or config paths are declared, yet the spec expects platform-level permissions (L3) and CISO authorization tokens (string 'CISO-001') to perform security hardening and write results. Requiring a CISO authorization as a string parameter is not a real credential control unless integrated with platform auth. The absence of explicit credential/config requirements is disproportionate to the described capability.
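
The gap described above, together with the SKILL.md input-validation rules (section 3.3 and the interface red lines), as an added example that is not the skill's or the platform's code. `check_weak` mirrors the SKILL.md check; `check_strict`, `issue_grant`, `DEMO_KEY`, the grant format and the `E_INVALID_INPUT` code are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Pattern from section 3.3; fullmatch() is used so a trailing "\n" cannot slip past "$".
SKILL_NAME = re.compile(r"[a-z][a-z0-9-]{2,64}")
TASKS = {"baseline", "token-optimize", "performance-optimize", "security-harden",
         "quality-improve", "full-optimize", "compare"}
DEMO_KEY = b"constructed-demo-key"  # assumption: a secret only the platform holds


def issue_grant(key, approver, task, skill):
    """Hypothetical platform-side helper: MAC binding approver, task and skill."""
    body = "\n".join((approver, task, skill)).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def check_weak(msg):
    """The SKILL.md check: deny-list on the name, constant string as authorization."""
    p = msg["params"]
    if ".." in p["skill-name"] or "/" in p["skill-name"]:
        return "E_INVALID_INPUT"  # hypothetical code; the page raises ValueError
    if msg["task"] == "security-harden" and p.get("authorization") != "CISO-001":
        return "E_UNAUTH_HARDEN"
    return "ok"


def check_strict(msg, key=DEMO_KEY):
    """Allow-list validation plus an authorization the caller cannot mint itself."""
    p = msg.get("params") or {}
    task, skill = msg.get("task"), p.get("skill-name")
    if not isinstance(task, str) or task not in TASKS:
        return "E_INVALID_INPUT"
    if not isinstance(skill, str) or not SKILL_NAME.fullmatch(skill):
        return "E_INVALID_INPUT"
    if (msg.get("context") or {}).get("isolated") is not True:
        return "E_INVALID_INPUT"
    if task == "security-harden":
        expected = issue_grant(key, "CISO-001", task, skill).encode()
        supplied = str(p.get("authorization", "")).encode()
        if not hmac.compare_digest(expected, supplied):
            return "E_UNAUTH_HARDEN"
    return "ok"


def task_msg(skill, authorization, caller):
    """Constructed security-harden message in the page's TASK format."""
    return {"skill": "ai-skill-optimizer", "version": "1.1.0", "task": "security-harden",
            "params": {"skill-name": skill, "authorization": authorization,
                       "caller": caller},
            "context": {"caller": caller, "priority": "P0", "isolated": True}}


if __name__ == "__main__":
    typed = task_msg("pdf-processor", "CISO-001", "CTO-001")
    grant = issue_grant(DEMO_KEY, "CISO-001", "security-harden", "pdf-processor")
    granted = task_msg("pdf-processor", grant, "CISO-001")
    for label, m in (("typed string", typed), ("platform grant", granted)):
        print(label, check_weak(m), check_strict(m))
```

A grant built this way can still be replayed; including an expiry and the platform-authenticated caller identity in the MAC input would bind it to one request.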
Persistence & Privilege
always:false and normal model invocation are fine. But SKILL.md explicitly describes modifying other skills (optimize results, security hardening, rollbacks). A skill that can change other skills' code/config should declare that it will modify system/skill storage and list necessary permissions, audit/logging, and rollback controls. The current spec lacks those, which raises privilege and persistence concerns.
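How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install ai-skill-optimizer
  3. Once installed, call the skill by name or trigger it with /ai-skill-optimizer
  4. Provide the inputs described in the skill's parameter documentation to get structured output
Version history
v1.1.0-en2
Full body English translation
v1.1.0-en
English version
v1.1.0
v1.1.0: added the agent invocation interface layer, 7 TASK types, PDCA quality gates, E_REGRESSION regression protection, references/optimization-patterns.md code examples, changelog and rollback strategy
Metadata
Slug ai-skill-optimizer
Version 1.1.0-en2
License MIT-0
Total installs 1
Current installs 0
Number of versions 3
FAQ

What is AI Skill Optimizer (EN)?

AI Company skill optimization workflow (CTO performance engineering + CISO security optimization standard edition). Triggered when an existing skill needs performance optimization, token savings, context trimming, security hardening, code refactoring, or quality improvement. Trigger keywords: optim... It is an AI agent skill plugin for Claude Code / OpenClaw, with 134 total downloads so far.

How do I install AI Skill Optimizer (EN)?

Run the command "/install ai-skill-optimizer" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is AI Skill Optimizer (EN) free?

Yes, AI Skill Optimizer (EN) is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does AI Skill Optimizer (EN) support?

AI Skill Optimizer (EN) runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (linux, darwin, win32).

Who developed AI Skill Optimizer (EN)?

It is developed and maintained by JohnSmithfan (@johnsmithfan); the current version is v1.1.0-en2.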
