← 返回 Skills 市场
74
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openspace-skill-discovery
功能描述
Search for reusable skills across OpenSpace's local registry and cloud community. Reusing proven skills saves tokens, improves reliability, and extends your...
安全使用建议
This skill is plausible for discovering and reusing skills, but its instructions mention cloud access and automatic downloading without declaring required credentials or describing how downloads are vetted. Before installing or using auto_import: (1) confirm where the 'API key' lives (platform-provided or must be supplied) and why the skill didn't declare it; (2) disable or require manual approval for auto_import so you can review any cloud skill before it is saved locally; (3) ask what paths are used for saved skills and whether downloaded SKILL.md and code are integrity-checked or sandboxed. Because this is instruction-only, there was no code to scan — extra caution around network downloads and local writes is recommended.
功能分析
Type: OpenClaw Skill
Name: openspace-skill-discovery
Version: 1.0.0
The skill-discovery bundle is classified as suspicious due to the `auto_import` parameter in `SKILL.md`, which defaults to `true`. This feature automatically downloads skills from a cloud community and explicitly instructs the AI agent to 'read SKILL.md at local_path, follow the instructions.' This creates a high-risk vector for remote instruction injection or supply chain attacks, as the agent is directed to execute logic from untrusted external sources without a mandatory manual review or confirmation step.
能力标签
能力评估
Purpose & Capability
The name/description (discover skills locally and in the cloud) aligns with the instructions which show a search_skills API and reading SKILL.md files locally. However, the SKILL.md explicitly discusses cloud access and auto-importing cloud hits but the skill metadata declares no credentials or config paths to enable cloud access; this is plausible if the platform provides built-in credentials, but the skill does not explain that assumption.
Instruction Scope
Instructions are mostly scoped to discovery and reading SKILL.md files, which is appropriate. But they also permit auto_import ("Auto-download top cloud hits locally") and reference an API key fallback path ("falls back to local-only if no API key"). Those steps imply network downloads and writing files to disk and assume an API key exists somewhere; neither the download targets nor the storage paths or verification/approval steps are specified.
Install Mechanism
This is instruction-only (no install spec, no code files), which is low risk on its own. But the instructions allow auto-downloading cloud skills into local storage even though no install or verification mechanism is documented. That gap raises a moderate concern: the skill could cause the agent to write unvetted code to disk if auto_import is used.
Credentials
Requires.env lists none, yet the SKILL.md refers to an API key (cloud vs local behavior). This mismatch is notable: either the skill expects platform-level credentials (not declared) or it omitted declaring required credentials. If cloud access requires keys, the skill should declare them; otherwise the behavior is ambiguous.
Persistence & Privilege
The skill does not request always:true and declares no config-paths or persistent privileges. It does instruct reading local SKILL.md files and may cause local files to be written if auto_import is used, but it does not demand system-wide privileges or to modify other skills' configurations.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openspace-skill-discovery - 安装完成后,直接呼叫该 Skill 的名称或使用
/openspace-skill-discovery触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Skill Discovery 1.0.0 – Initial Release
- Enables searching for reusable skills across OpenSpace's local registry and the cloud community.
- Helps users find relevant skills to save tokens, improve reliability, and extend capabilities.
- Supports natural language or keyword-based queries for skill discovery.
- Provides options to auto-import cloud skills and specifies when to use or delegate discovered skills.
- Clearly informs users about available skills and recommendations for next steps.
元数据
常见问题
OpenSpace Skill Discovery 是什么?
Search for reusable skills across OpenSpace's local registry and cloud community. Reusing proven skills saves tokens, improves reliability, and extends your... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 74 次。
如何安装 OpenSpace Skill Discovery?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openspace-skill-discovery」即可一键安装,无需额外配置。
OpenSpace Skill Discovery 是免费的吗?
是的,OpenSpace Skill Discovery 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OpenSpace Skill Discovery 支持哪些平台?
OpenSpace Skill Discovery 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenSpace Skill Discovery?
由 X-RayLuan(@x-rayluan)开发并维护,当前版本 v1.0.0。
推荐 Skills