davidgeorgehope

Sightglass

Author: David Hope · GitHub · v0.1.0
cross-platform ⚠ suspicious
595 total downloads
0 favorites
0 current installs
1 version
Install in OpenClaw
/install sightglass
Description
Monitors AI coding agents to track dependency choices, classify discovery methods, flag risks, and reveal biases and missed alternatives in your project.
Safe usage recommendations
This skill appears to do what it says: it installs an npm CLI, starts a local watcher, records per-session metadata in your user state directory, and can push analysis to sightglass.dev. Before installing:
  1. Confirm you trust the @sightglass/cli package on npm and review its README/privacy policy.
  2. Expect the watcher to observe file changes, package installs, and tool calls in the project directory. Avoid using it on projects containing secrets unless you confirm what the CLI uploads.
  3. During setup, check whether 'auto-push' is enabled and disable it if you don't want data sent to sightglass.dev.
  4. Note the bundle expects node/npm (skill.json) even though the top-level requirements text said 'none'; ensure you have a safe environment for a global npm install.
  5. If you need higher assurance, inspect the installed @sightglass/cli source (from npm or its repository) to see exactly what it transmits and how authentication is handled.
Functional analysis
Type: OpenClaw Skill
Name: sightglass
Version: 0.1.0
The skill installs an external CLI tool (`@sightglass/cli`) globally via `npm i -g` in `setup.sh`. While this is necessary for the skill's stated purpose of providing 'Agent Supply Chain Intelligence,' it introduces a significant supply chain risk. The integrity of the installed package from the npm registry cannot be guaranteed, making it a potential vector for malicious code execution if the upstream package is compromised. The skill itself does not exhibit clear malicious intent, and `SKILL.md` contains no prompt injection attempts to subvert the agent's behavior beyond its stated purpose.
Capability assessment
Purpose & Capability
Name, description, SKILL.md, and included scripts all align: the skill installs and uses an @sightglass/cli to watch agent sessions and analyze dependency choices. One minor inconsistency: the externally provided 'Requirements' section at the top of the bundle says 'none', but the included skill.json declares anyBins: ["node","npm"], and setup.sh installs an npm package — so Node/npm are effectively required.
Instruction Scope
Runtime instructions and hooks stay within the declared purpose: pre-spawn records session metadata and ensures a watcher runs; post-session runs analysis and summarizes findings. However, analysis and optional '--push' sync data to https://sightglass.dev and the setup flow mentions configuring auto-push. That means session information, dependency inventories, and related metadata can be transmitted to an external service — this is consistent with the tool's purpose but important to be aware of.
Install Mechanism
setup.sh installs @sightglass/cli via 'npm i -g', a typical registry install (moderate risk compared to curated package managers). There are no obscure download URLs or archive extracts. Global npm installs may require elevated rights on some systems (setup.sh does not handle sudo), but there is no evidence of unusual or obfuscated install behavior.
Credentials
The skill does not declare or require environment credentials. It does rely on an authentication flow with sightglass.dev (invoked through the CLI 'sightglass login' / 'sightglass setup'), which is expected for remote sync. The hooks write session metadata to user-local XDG paths (~/.local/state or XDG_STATE_HOME) — appropriate for the stated function.
Persistence & Privilege
The skill is not marked 'always:true'. It will auto-start a background 'sightglass watch' watcher in pre-spawn if not running, which creates a persistent watcher process under the user's account. This behavior matches a monitoring tool's needs but is a notable persistence behavior to accept explicitly. The skill does not modify other skills' configurations or request elevated system privileges in the provided scripts.
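How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install sightglass
  3. Once installation completes, invoke the Skill by name or trigger it with /sightglass
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history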
v0.1.0
Initial release — agent supply chain intelligence
Metadata
Slug sightglass
Version 0.1.0
License
Total installs 0
Current installs 0
Version count 1
FAQ

What is Sightglass?

Monitors AI coding agents to track dependency choices, classify discovery methods, flag risks, and reveal biases and missed alternatives in your project. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 595 total downloads to date.

How do I install Sightglass?

Run the command "/install sightglass" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Sightglass free?

Yes, Sightglass is completely free (open source and free of charge) and can be freely downloaded, installed, and used.

Which platforms does Sightglass support?

Sightglass runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Sightglass?

It is developed and maintained by David Hope (@davidgeorgehope); the current version is v0.1.0.
