← 返回 Skills 市场
160
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install nm-abstract-hooks-eval
功能描述
Evaluate hook security, performance, and SDK compliance. Use for audits
安全使用建议
This skill is an instruction-only audit framework and appears internally consistent. Before installing or using it: 1) Confirm your agent environment actually provides the referenced tooling (e.g., /hooks-eval or install the Claude Code plugin) because the SKILL.md assumes those commands exist. 2) When following checks that validate or run shell commands from hooks.json, review those commands first—the evaluator may instruct you to test executables referenced by a plugin, which requires filesystem and command execution access. 3) The skill will scan for hardcoded secrets and other vulnerabilities in plugin files—ensure you permit it only to access plugin folders you trust. 4) There are no requested credentials, but still inspect any plugin code you evaluate for secrets before running automated checks. If you need higher assurance, request a sample run or a minimal-scope dry-run on non-production data to confirm behavior.
功能分析
Type: OpenClaw Skill
Name: nm-abstract-hooks-eval
Version: 1.8.3
The skill bundle is a comprehensive documentation and evaluation framework for auditing Claude Agent SDK hooks. It provides a structured rubric for identifying security vulnerabilities (e.g., command injection, dynamic code evaluation) and performance bottlenecks in other plugins. The files (SKILL.md, evaluation-criteria.md, and sdk-hook-types.md) contain educational content, technical references, and scoring systems designed to improve hook quality and security, with no evidence of malicious intent, data exfiltration, or harmful instructions.
能力评估
Purpose & Capability
Name, description, and included modules are consistent: the skill provides guidance and rubrics for auditing hooks, references SDK types and evaluation criteria, and only declares a related config path (night-market.hook-scope-guide). There are no unrelated env vars, binaries, or install steps requested.
Instruction Scope
SKILL.md is detailed and stays within the audit/evaluation domain (checking hooks.json, validating matchers, benchmarking, scanning for secrets). It instructs running helper commands (e.g., /hooks-eval, /analyze-hook, /validate-plugin) but supplies no binaries — so the runtime assumes those tools or the Claude Code plugin exist in the agent environment. The instructions also direct verifying shell commands referenced in hooks.json are executable, which legitimately requires inspecting plugin files and possibly executing or testing commands locally; this is within scope but means the agent will need filesystem and command-execution capability to fully follow the guidance.
Install Mechanism
No install spec is provided (instruction-only). This is the lowest-risk install model: nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requests no credentials or environment variables; the single required config path (night-market.hook-scope-guide) is relevant to hook placement guidance. The included evaluation rules explicitly search for hardcoded secrets as part of audits, which is appropriate for an auditing tool and not an unexplained request for secrets.
Persistence & Privilege
always:false and default invocation settings are used. The skill does not request persistent system presence or claim to modify other skills' configurations. Nothing indicates elevated or unusual privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nm-abstract-hooks-eval - 安装完成后,直接呼叫该 Skill 的名称或使用
/nm-abstract-hooks-eval触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.8.3
Release v1.8.3
v1.8.2
Release v1.8.2
v1.0.0
Initial release for hooks-eval auditing skill:
- Provides a framework to evaluate hook security, performance, and SDK compliance in Claude Code plugins and projects.
- Supports security analysis (vulnerability scanning, pattern detection), performance benchmarking, and structure/compliance checks.
- Offers detailed references for hook event types, callback signatures, return values, and quality scoring.
- Includes guidance for integrating with plugin-level `hooks.json` and the Python SDK.
- Supplies command-line workflows for running evaluations, security-focused scans, and compliance reports.
元数据
常见问题
Nm Abstract Hooks Eval 是什么?
Evaluate hook security, performance, and SDK compliance. Use for audits. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 160 次。
如何安装 Nm Abstract Hooks Eval?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nm-abstract-hooks-eval」即可一键安装,无需额外配置。
Nm Abstract Hooks Eval 是免费的吗?
是的,Nm Abstract Hooks Eval 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Nm Abstract Hooks Eval 支持哪些平台?
Nm Abstract Hooks Eval 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Nm Abstract Hooks Eval?
由 athola(@athola)开发并维护,当前版本 v1.8.3。
推荐 Skills