← 返回 Skills 市场
athola

Nm Sanctum Workflow Improvement

作者 athola · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
110
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install nm-sanctum-workflow-improvement
功能描述
Retrospective evaluation and improvement of skills, agents, commands, and hooks
安全使用建议
This skill appears to do what it says (collect workflow context, propose improvements, and create GitHub issues), but several practical and safety gaps exist. Before installing or running it: - Verify runtime tools: ensure git and the GitHub CLI (gh) are installed and authenticated, and confirm the 'memory-palace', 'review-room', and 'pensive' utilities the instructions reference are available in your environment. The skill metadata does not declare these dependencies. - Review and restrict automatic writes: the module defaults to automatic issue creation. If you don't want the agent posting to your repositories, run with the documented opt-out (--no-auto-issues or SKIP_AUTO_ISSUES=true) or change the workflow to require an explicit --create flag. - Confirm credentials and scope: ensure gh is authenticated to the intended account/repo, and consider using a token with limited scope or a sandbox repository for testing. The skill does not declare required env vars (e.g., GITHUB_TOKEN) or repository targets. - Audit what gets posted: issue bodies may include file paths, PR text, and error messages. Remove or redact sensitive snippets before auto-creating issues. - Suggested improvements to the skill owner: declare required binaries (git, gh), require or document the auth method (GITHUB_TOKEN or gh auth), make auto-creation opt-in by default, and add explicit repository/label configuration to avoid accidental writes. If you want, I can produce a checklist or a small wrapper that enforces 'dry-run' by default (print would-be issue bodies instead of creating them) so you can safely evaluate the skill first.
功能分析
Type: OpenClaw Skill Name: nm-sanctum-workflow-improvement Version: 1.0.0 The skill bundle facilitates workflow optimization through shell execution, git operations, and automated GitHub issue management. A significant security concern is identified in SKILL.md (Step 7.2), which instructs the agent to post 'tooling learnings' to a hardcoded external GitHub repository (athola/claude-night-market) regardless of the user's current project context, creating a potential path for accidental data leakage or unauthorized telemetry. Additionally, the automated issue creation logic in modules/auto-issue-creation.md grants the agent broad authority to interact with the GitHub CLI (gh) and create issues automatically, which increases the risk of unintended external communication.
能力评估
Purpose & Capability
The skill's stated purpose (improving workflows, skills, agents, commands, hooks) aligns with the instructions which gather logs, git history, produce improvements, and create issues. However, the SKILL.md relies on external CLIs and services (git, gh, memory-palace/review-room utilities, pensive) without declaring them as required. That mismatch (no declared binaries or env vars) is incoherent: someone building this skill would legitimately need git and the GitHub CLI or an explicit GitHub token/config.
Instruction Scope
Instructions explicitly tell the agent to read logs, query knowledge bases, run git commands, and automatically create GitHub issues including contextual file/PR snippets. Gathering logs and git history is within scope, but the automatic creation of external artifacts (issues) by default is a behavioral escalation: it transmits captured context to an external service (GitHub) and may publish snippets or file references. The SKILL.md gives the agent broad discretion to auto-create issues unless a flag is passed, which can be surprising to users.
Install Mechanism
This is an instruction-only skill with no install spec (low install risk), but the runtime relies on CLIs (gh, git) and site-specific tools (memory-palace, review-room, pensive). Those are not listed in registry metadata. Absence of declared runtime dependencies is an inconsistency: the skill will fail or behave unexpectedly if those binaries/tools are missing or misconfigured.
Credentials
The skill does not declare any required environment variables or primary credentials, yet it instructs actions that require authentication (creating GitHub issues via gh or similar). Creating issues requires repository context and auth (gh auth/GITHUB_TOKEN); this is not surfaced in requires.env or primary credential fields. The skill also suggests sending potentially sensitive context (file locations, error messages, snippets) to GitHub; that data transmission should be explicit and justified.
Persistence & Privilege
The skill is not marked always:true and is user-invocable, which is appropriate. However, the module sets 'Automatic by Default' behavior for issue creation and the platform allows autonomous invocation. Combined with the other mismatches, that default-auto-create behavior increases the blast radius: the agent could autonomously create issues in user repos unless opt-out flags are used. The skill does not clearly require or document explicit consent or scoped targets for writes.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install nm-sanctum-workflow-improvement
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /nm-sanctum-workflow-improvement 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the workflow-improvement skill, focused on retrospective analysis and enhancement of skill, agent, command, and hook workflows. - Introduces a step-by-step process: context gathering, session slice capture, workflow recreation, improvement generation, plan agreement, implementation, validation, and lesson storage. - Provides detailed guidance on gathering data from logs, git history, and knowledge bases to identify and address recurring workflow issues. - Includes validation metrics and templates to clearly measure workflow improvements. - Establishes conventions for both code changes and documentation. - Sets up triggers for use in scenarios involving workflow inefficiency, instability, or recurring issues.
元数据
Slug nm-sanctum-workflow-improvement
版本 1.0.0
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Nm Sanctum Workflow Improvement 是什么?

Retrospective evaluation and improvement of skills, agents, commands, and hooks. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 110 次。

如何安装 Nm Sanctum Workflow Improvement?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install nm-sanctum-workflow-improvement」即可一键安装,无需额外配置。

Nm Sanctum Workflow Improvement 是免费的吗?

是的,Nm Sanctum Workflow Improvement 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Nm Sanctum Workflow Improvement 支持哪些平台?

Nm Sanctum Workflow Improvement 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Nm Sanctum Workflow Improvement?

由 athola(@athola)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论