← 返回 Skills 市场
pipsqueakup

myskill

作者 pipsqueakup · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
240
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install new-slug
功能描述
Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express...
安全使用建议
This skill's visible instructions are harmless (searching with 'npx skills'), but the included Python script deviates from the manifest in ways that could have side effects. Before installing or letting an agent run this skill: 1) Ask the publisher why the Python script is included and why it needs DASHSCOPE_API_KEY (not advertised). 2) Review or run the Python file only in a sandbox to see what it does (it creates sample_skill/ and calls Toolkit.register_agent_skill). 3) Avoid allowing automated/global installs with '-g -y' without explicit user confirmation. 4) If you don't intend to run the Python script, consider removing or isolating it; if you do need its functionality, require the manifest be updated to declare the DASHSCOPE_API_KEY dependency and any filesystem/config changes. If the publisher can't explain the mismatch, treat the package as untrusted.
功能分析
Type: OpenClaw Skill Name: he1f Version: 1.0.0 The skill bundle provides the agent with the capability to search for and install third-party software using the 'npx skills add' command with the '-y' flag, which bypasses user confirmation (SKILL.md). While this aligns with the stated purpose of a skill manager, it grants the agent high-privilege control over the system's environment and software supply chain. The included Python script (task_agent_skill.py) is a benign tutorial for the AgentScope framework, though it demonstrates the use of sensitive environment variables like DASHSCOPE_API_KEY.
能力评估
Purpose & Capability
SKILL.md describes a lightweight 'find and install skills' helper that uses the Skills CLI (npx skills). However, the package also contains a Python script that creates a local 'sample_skill' directory, registers that skill via an agentscope Toolkit, and constructs a DashScopeChatModel that reads os.environ['DASHSCOPE_API_KEY']. The script's dependencies and environment access (DashScope API key, agentscope) are not reflected in the skill metadata and are not necessary for the described find/install functionality.
Instruction Scope
The runtime instructions (SKILL.md) are limited to guiding an agent to use 'npx skills find' and 'npx skills add'. Those instructions are coherent. However, SKILL.md does not mention the included Python script at all. The instructions also recommend 'npx skills add ... -g -y' which installs globally and skips confirmations — a potentially risky operation if performed without explicit user consent.
Install Mechanism
There is no install spec (instruction-only), which is low risk. But the repository includes an executable Python file that, if run, will write files to the current working directory (creates sample_skill/SKILL.md) and calls Toolkit.register_agent_skill. The package does not declare this behavior, so the presence of code capable of filesystem writes is an unexpected surface area.
Credentials
Manifest declares no required environment variables, yet the Python script directly references os.environ['DASHSCOPE_API_KEY'] (required at runtime). This is a clear mismatch: the skill asks for an API key it never declared and which is unrelated to the stated purpose of searching/installing skills.
Persistence & Privilege
Skill flags are default (no 'always' privilege). The Python script registers a skill via Toolkit.register_agent_skill and writes a sample skill directory, which may modify agent skill registrations or leave files on disk if executed. The metadata does not disclose any config path modifications; this discrepancy is noteworthy but not on its own proof of malicious intent.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install new-slug
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /new-slug 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the test skill. - No file changes detected in this version.
元数据
Slug new-slug
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

myskill 是什么?

Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 240 次。

如何安装 myskill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install new-slug」即可一键安装,无需额外配置。

myskill 是免费的吗?

是的,myskill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

myskill 支持哪些平台?

myskill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 myskill?

由 pipsqueakup(@pipsqueakup)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论