← 返回 Skills 市场

GitHub Gem Seeker

Name: GitHub Gem Seeker
Author: wells1137

作者 Wells Wu · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

484

总下载

当前安装

版本数

在 OpenClaw 中安装

/install github-gem-seeker

功能描述

Search GitHub for battle-tested solutions instead of reinventing the wheel. Use when the user problem is universal enough that open source developers have pr...

使用说明 (SKILL.md)

GitHub Gem Seeker

Find and use battle-tested open source projects on GitHub to solve the user's problem immediately. After successfully solving the problem, offer to package the solution into a reusable skill.

Core Philosophy

Classic open source projects, tested by countless users over many years, are far more reliable than code written from scratch. Solve the problem first, skill-ify later.

Workflow

Step 1: Understand the Need

Clarify what the user wants to accomplish. Ask only if truly ambiguous:

What specific problem are you trying to solve?
What format/input/output do you expect?

Step 2: Find the Right Tool

Search for GitHub projects using effective query patterns:

Need Type	Query Pattern	Example
Tool/utility	`github [task] tool`	`github video download tool`
Library	`github [language] [function] library`	`github python pdf library`
Alternative	`github [known-tool] alternative`	`github ffmpeg alternative`

Step 3: Evaluate Quality (Quick Check)

Assess candidates using key indicators:

Indicator	Gem Signal	Warning Signal
Stars	1k+ solid, 10k+ excellent, 50k+ legendary	\x3C100 for mature projects
Last commit	Within 6 months	>2 years ago
Documentation	Clear README, examples	Sparse or outdated docs

Step 4: Solve the Problem

This is the priority. Install the tool and use it to solve the user's actual problem:

Install the chosen tool (pip, npm, apt, or direct download)
Run it with the user's input/files
Deliver the result to the user
Troubleshoot if needed—iterate until solved

Step 5: Credit the Gem & Offer Next Steps (Post-Success Only)

Only after the problem is successfully solved:

Credit the open source project — Always share the GitHub repo URL and encourage support:

"This was powered by [Project Name] — an amazing open source project! GitHub: [URL] If it helped you, consider giving it a ⭐ star to support the maintainers."
Offer to skill-ify — Optionally mention:

"If you'll need this again, I can package it into a reusable skill for instant use next time."

Do NOT skip crediting the project. Open source thrives on recognition.

Quality Tiers

Tier	Criteria	Examples
Legendary	50k+ stars, industry standard	FFmpeg, ImageMagick, yt-dlp
Excellent	10k+ stars, strong community	Pake, ArchiveBox
Solid	1k+ stars, well-documented	Most maintained tools
Promising	\x3C1k stars, active development	Newer niche projects

Prefer higher tiers for reliability.

Example Interaction

User: I need to download this YouTube video: [link]

Correct approach:

Identify yt-dlp as the legendary-tier solution
Install yt-dlp
Download the video for the user
Deliver the downloaded file
After success: "This was powered by yt-dlp — https://github.com/yt-dlp/yt-dlp — give it a ⭐ if it helped! If you download videos often, I can turn this into a skill for instant use next time."

Wrong approach:

❌ "I found yt-dlp, want me to make a skill for it?"
❌ Presenting options without solving the problem

Common Gems Reference

Category	Go-to Gems
Video/Audio processing	FFmpeg, yt-dlp
Image processing	ImageMagick, sharp
PDF manipulation	pdf-lib, PyMuPDF
Web scraping	Playwright, Puppeteer, Scrapy
Format conversion	Pandoc, FFmpeg
Archiving	ArchiveBox
Desktop app packaging	Electron, Tauri, Pake

安全使用建议

This skill is coherent with its goal (find and use GitHub projects) but it instructs the agent to install and run third‑party code without verification. Before installing/running anything: require explicit user approval for any install or executable; prefer official releases from trusted hosts (GitHub releases, PyPI, npm registry); verify checksums/signatures or pinned versions; prefer sandboxing (containers, VMs) or ephemeral environments; avoid running unreviewed binaries on your main system; and ask the agent to report the exact install commands and source URLs before proceeding. If you cannot accept those risks, do not enable this skill.

功能分析

Type: OpenClaw Skill Name: github-gem-seeker Version: 1.0.0 The `SKILL.md` file instructs the AI agent to install and execute arbitrary software found on GitHub using system package managers (pip, npm, apt) or 'direct download'. While the stated purpose is benign (finding open-source solutions), this workflow creates a severe arbitrary code execution vulnerability and a supply chain risk. An attacker could craft a seemingly legitimate GitHub project that, when installed and run by the agent, executes malicious code, exfiltrates data, or establishes persistence. There is no explicit instruction for malicious behavior, but the capability for it is inherent in the skill's design.

能力评估

ℹ Purpose & Capability

The name/description (search GitHub and use existing projects) matches the instructions to find and run open‑source tools. It is reasonable that such a skill would install tools at runtime, but the skill declares no required binaries even though it mandates installing tools dynamically — this lack of explicit constraints is noteworthy.

⚠ Instruction Scope

SKILL.md explicitly tells the agent to 'Install the chosen tool (pip, npm, apt, or direct download)' and 'Run it with the user's input/files' with no guidance for verification, sandboxing, or permission prompts. That gives the agent broad discretion to fetch and execute arbitrary code against user files or the runtime environment — scope creep from 'find a repo' to 'fetch and execute unknown code'.

⚠ Install Mechanism

There is no install spec in the package, but the instructions promote using package managers or direct downloads. Direct downloads and ad‑hoc installs (especially from arbitrary GitHub repos) are high risk without integrity checks, pinned releases, or trusted sources. The skill provides no guardrails (checksums, release host restrictions, or prefer packaged releases).

✓ Credentials

The skill requests no environment variables, credentials, or config paths, which is proportionate. However, because it instructs installing external tools, those tools could themselves require credentials or access to other systems; the skill offers no guidance about that possibility.

✓ Persistence & Privilege

always:false and no install-time persistence are declared. The skill does not request permanent presence or system-wide config changes in its metadata.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install github-gem-seeker
安装完成后，直接呼叫该 Skill 的名称或使用 /github-gem-seeker 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release. - Launches the github-gem-seeker skill to solve universal user problems using proven open source solutions from GitHub. - Focuses on finding, evaluating, and applying widely used projects—especially for tasks like format conversion, downloading, file manipulation, scraping, and automation. - Outlines a clear workflow: clarify need, search for tools, assess quality, solve the problem directly, then credit the open source project. - Emphasizes the importance of using “gem” quality tiers and never skipping project credit. - Provides quick-reference guides for search patterns, quality checks, and common best-in-class open source tools.

元数据

Slug github-gem-seeker

版本 1.0.0

许可证 —

累计安装 1

当前安装数 1

历史版本数 1

常见问题