← 返回 Skills 市场
357
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install ponddepth-levels
功能描述
Leveling overlay for OpenClaw Control UI (badge + XP + daily tip + level list + icons).
安全使用建议
This package is not obviously malicious, but it includes unexpected capabilities and some sloppy/incompatible parts. Before installing:
- Inspect the scripts locally (install.sh, uninstall.sh, and all tasks). Verify you are comfortable with files being copied into your OpenClaw Control UI assets directory and that you have backups.
- Note the package will attempt to create OpenClaw cron jobs that run the included Python scripts. If you do not want scheduled runs, do not allow cron creation (or run the install script but skip the cron commands).
- Look closely at tasks/skill_install_queue.py — it can run `clawhub install <name>` from a queue file. If you do not want automatic or queued installs, remove or disable this script.
- Fix or confirm path usage: one script uses hardcoded /Users/aibaobao paths (likely a bug). Ensure the tasks will read only directories you expect (use OPENCLAW_WORKSPACE and OPENCLAW_UI_ASSETS_DIR overrides when running the installer).
- Confirm the expected extension files (openclaw.plugin.json, index.ts) are present in the workspace extension dir or adjust the install script; the install currently expects them but they are not included in the published files.
- Consider running the install steps in a controlled environment (temporary VM or container) first, or run the install script line-by-line in a shell to see exactly what it changes. If you proceed, keep the uninstall script handy and verify the backup created under ~/.openclaw/workspace/_deleted/ before making other changes.
功能分析
Type: OpenClaw Skill
Name: ponddepth-levels
Version: 0.1.1
The skill bundle implements a UI gamification overlay by injecting JavaScript and assets directly into the global OpenClaw installation directory (/opt/homebrew/lib/node_modules/openclaw/), which is a high-risk persistence and execution vector. It includes a background task (tasks/skill_install_queue.py) that automatically executes shell commands ('clawhub install') based on a local JSON queue, which could be exploited to install unauthorized packages. Furthermore, tasks/companion_metrics.py contains hardcoded absolute paths to a specific user's home directory (/Users/aibaobao/), representing a significant functional flaw and a leak of the developer's environment details. While the behavior aligns with the stated purpose of a 'leveling overlay,' the combination of global file modification and automated command execution warrants a suspicious classification.
能力评估
Purpose & Capability
The declared purpose is a UI leveling overlay and the package includes the badge JS and helper tasks to generate metrics — that is coherent. However the package also contains an unmentioned installer helper (skill_install_queue.py) that can run `clawhub install <name>`, and the install script expects an extension directory ($WS/.openclaw/extensions/ponddepth) with files that are not present in the published manifest, which is inconsistent and will cause install-time failures or confusion.
Instruction Scope
SKILL.md instructs users to run the provided install.sh which copies files into global OpenClaw UI asset paths (/opt/homebrew/...), creates/edits OpenClaw cron jobs, and installs python helper tasks. The python tasks read local session logs and memory, run `openclaw`/`clawhub` CLI commands, and write JSON into the UI assets. One task (tasks/companion_metrics.py) has hardcoded /Users/aibaobao paths, which is unexpected and likely erroneous; skill_install_queue.py will attempt to run arbitrary `clawhub install` commands from a queue file. These behaviors go beyond a simple UI overlay and grant the skill the ability to inspect local session data and trigger installs — both of which should be explicitly documented and consented to.
Install Mechanism
There is no remote download; installation is local (copying assets and scripts). That lowers supply-chain download risk. However the install script writes into a global Homebrew prefix and creates cron jobs via the openclaw CLI, so filesystem and persistent modification risk remains. The install.sh also requires that an extension directory exist in the workspace and copies plugin files from it — those files are not present in the package, which is inconsistent.
Credentials
The manifest lists only python3 as a required binary, but the scripts plainly call `openclaw`, `clawhub`, and optionally `jq` — binaries not declared. The tasks run `clawhub whoami` (exposes the clawhub account identity) and `openclaw sessions --all-agents` (reads session/token metrics). The skill_install_queue can run `clawhub install` which will use the user's ClawHub credentials to install other skills. Those capabilities are powerful relative to a UI-only enhancement and should be justified and explicitly requested.
Persistence & Privilege
always:false and normal autonomous invocation settings are fine, but the install writes into the global Control UI assets dir and creates/edits cron jobs via `openclaw cron add/edit`. That creates persistent scheduled tasks that will run the packaged Python scripts. While the cron targets here are limited to metrics/status, persistent code that can execute `clawhub install` (present in the package) increases the blast radius if misused. The package does not request elevated OS privileges explicitly, but it modifies other software's install directories (requires write permission).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ponddepth-levels - 安装完成后,直接呼叫该 Skill 的名称或使用
/ponddepth-levels触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
Improve SKILL.md (demo + clearer install/uninstall) + add uninstall.sh
v0.1.0
Initial release of ponddepth-levels: adds a badge-based leveling system with interactive UI and daily tips to OpenClaw Control UI.
- Adds a PondDepth badge with popover displaying user level and progress.
- Auto-updates level and XP info from `companion-metrics.json`.
- Shows a daily OpenClaw tip from `openclaw-tip.json`.
- Provides a level list with XP ranges, icons, and compact skills display (supports zh/en).
- Includes ClawHub skills install CTA with authentication check.
- Installs necessary UI assets; reinstallation may be needed after OpenClaw upgrades.
元数据
常见问题
Ponddepth Levels 是什么?
Leveling overlay for OpenClaw Control UI (badge + XP + daily tip + level list + icons). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 357 次。
如何安装 Ponddepth Levels?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ponddepth-levels」即可一键安装,无需额外配置。
Ponddepth Levels 是免费的吗?
是的,Ponddepth Levels 完全免费(开源免费),可自由下载、安装和使用。
Ponddepth Levels 支持哪些平台?
Ponddepth Levels 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Ponddepth Levels?
由 pureheart(@pureheart)开发并维护,当前版本 v0.1.1。
推荐 Skills