← 返回 Skills 市场
147
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install master-skill-review
功能描述
Review an OpenClaw skill for token efficiency, scriptability, and clean action boundaries; back up first, then improve the skill.
安全使用建议
This skill is a plausible meta-review tool and includes only a safe read-only helper script, but its SKILL.md asks the agent to back up and modify other local skills without providing an explicit, auditable backup/modify script. Before installing or enabling autonomous invocation: 1) Require explicit confirmation before any file write — prefer the agent to produce patch suggestions rather than applying changes automatically. 2) Add/verify a dedicated backup script that writes backups to a clearly named, access-controlled location and prints the backup path. 3) Limit which agent identities can run this skill with write permission (prefer read-only for general users). 4) Audit any future scripts that actually perform writes before granting run privileges. If you want minimal risk, use the included review_skill.sh for read-only analysis only and do manual backups and edits yourself.
功能分析
Type: OpenClaw Skill
Name: master-skill-review
Version: 1.0.1
The skill is a meta-utility designed to audit and modify other OpenClaw skills for token efficiency and scriptability. While its stated purpose is benign and it includes safety-conscious instructions (e.g., mandatory backups and evidence reporting in SKILL.md), it possesses high-risk capabilities, specifically the authority to modify SKILL.md, scripts, and references across the local environment. The accompanying script, scripts/review_skill.sh, is a safe, read-only diagnostic tool that checks file sizes and heuristics without any evidence of malicious intent or vulnerabilities.
能力评估
Purpose & Capability
The name/description (a meta-skill that inspects and improves other skills) aligns with the files present: SKILL.md, checklist, and a review script that inspects SKILL.md, scripts/, and references/. The skill does not request unrelated credentials or binaries. However, the human-readable instructions explicitly say the skill may 'inspect and modify' other local skill folders and that it will 'back up first, then modify' — yet the included script only performs read-only analysis and does not implement backing up or modification. That mismatch between claimed behavior (automatic backups/modifications) and provided tooling is notable.
Instruction Scope
SKILL.md instructs the agent to read target SKILL.md, scripts/, references/, back up the target, and 'improve the skill structure' (modify files). Those operations are local filesystem reads/writes within other skill folders. The included script (scripts/review_skill.sh) only reads and reports — it does not perform backups or changes. Because the instructions permit file modifications but do not provide audited/explicit scripts to do safe backups or changes, an agent given autonomy could make arbitrary edits. The instructions are also somewhat vague about where backups should be stored and what constitutes an acceptable 'improvement'.
Install Mechanism
No install spec and only an instruction/script bundle—lowest risk for arbitrary remote code download. The only executable provided is a small bash script that performs read-only checks and prints heuristics. No external downloads, package installs, or extract steps are present.
Credentials
The skill requests no environment variables, credentials, or config paths. There are no declared secrets or unrelated credentials, which is proportionate to a local-file review task.
Persistence & Privilege
always:false (normal). The SKILL.md explicitly expects a high-permission 'master' agent that can inspect and modify other local skill folders. That need for elevated local filesystem access is coherent for a meta-reviewer tool, but combined with autonomous invocation (disable-model-invocation:false) it raises practical risk: an agent could autonomously change other skills if given permission. This is a power/privilege consideration rather than an immediate technical exploit—limit autonomous write permissions if you want safer operation.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install master-skill-review - 安装完成后,直接呼叫该 Skill 的名称或使用
/master-skill-review触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Renamed local skill-review to master-skill-review and aligned local naming references.
v1.0.0
Initial release: review skills for token efficiency, scriptability, clearer action boundaries, and backup-first improvement flow.
元数据
常见问题
Skill Review 是什么?
Review an OpenClaw skill for token efficiency, scriptability, and clean action boundaries; back up first, then improve the skill. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 147 次。
如何安装 Skill Review?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install master-skill-review」即可一键安装,无需额外配置。
Skill Review 是免费的吗?
是的,Skill Review 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Skill Review 支持哪些平台?
Skill Review 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Skill Review?
由 kid0114(@kid0114)开发并维护,当前版本 v1.0.1。
推荐 Skills