← 返回 Skills 市场
tobewin

skill-advisor

作者 ToBeWin · GitHub ↗ · v1.2.0 · MIT-0
cross-platform ⚠ suspicious
159
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install skill-advisor
功能描述
Evaluate OpenClaw skills before installation. Use when user wants to check a skill's safety, dependencies, popularity, or get an installation recommendation....
安全使用建议
This skill appears to do exactly what it says (fetch ClawHub metadata and produce a report) but it has important inconsistencies you should resolve before installing or using it: - Verify you have the 'clawhub' CLI available and trust its origin. The SKILL.md requires running 'clawhub inspect', but the skill metadata does not declare that binary dependency. - Check whether ClawHub access requires credentials (API key or login). If so, ask the author to declare required env vars (primaryEnv) so you know what secrets will be read. - Because the skill's source/homepage are unknown, prefer contacting the skill author or using a skill from a known publisher. Confirm the registry entry matches the upstream repository. - If you want to test safely: run the recommended 'clawhub inspect' command yourself in a controlled environment (or sandbox) for a sample skill and review the output before letting an agent run it autonomously. If you control no ClawHub credentials and do not have the CLI, the skill will either fail or implicitly rely on existing local ClawHub configuration—both are reasons to treat it cautiously. Ask the publisher to explicitly list required binaries and any auth needs; that would convert this from 'suspicious' to 'benign' if resolved.
功能分析
Type: OpenClaw Skill Name: skill-advisor Version: 1.2.0 The skill-advisor is a utility designed to help users evaluate the safety, popularity, and dependencies of other OpenClaw skills. It uses the official 'clawhub' CLI to inspect skill metadata and generates a structured report for the user. There is no evidence of data exfiltration, malicious execution, or harmful prompt injection; all operations are transparent and aligned with the stated purpose in SKILL.md.
能力标签
cryptocan-make-purchases
能力评估
Purpose & Capability
SKILL.md explicitly instructs the agent to run 'clawhub inspect {skill-name}' and to fetch ClawHub scan/results, yet the skill's registry metadata lists no required binaries and no homepage/source. A pre-install advisor that relies on a specific CLI should declare that dependency and whether ClawHub API credentials are needed. The missing declaration is disproportionate to the stated purpose.
Instruction Scope
Instructions are narrowly focused on fetching skill metadata and SKILL.md via ClawHub and producing a report; they do not ask to read local files or exfiltrate unrelated data. However, the SKILL.md assumes access to the ClawHub CLI/API without specifying how authentication or network access is handled, leaving ambiguity about what system calls or credentials will actually run when invoked.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is no download/extract risk or additional packages being installed by the skill itself.
Credentials
The skill declares no required environment variables or credentials, yet it relies on ClawHub data. If ClawHub access requires authentication (API key, token, or CLI login) this skill should declare which env vars or credentials it will use. The absence of any primary credential or env var is a mismatch and could hide implicit credential use via the agent's environment or existing 'clawhub' configuration.
Persistence & Privilege
The skill is not marked 'always' and does not request persistent system-wide changes. Autonomous invocation is allowed (platform default) but there is no evidence this skill tries to modify other skills or system config.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install skill-advisor
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /skill-advisor 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.0
v1.2.0: Security hardening - removed curl dependency, removed all code examples (curl API calls, Python imports), pure instruction-based skill.
v1.1.0
添加多语言支持:根据用户对话语言自动输出中文或英文报告
v1.0.0
初始版本:安装前评估工具,生成综合评估报告,包含安全状态、流行度、依赖分析、API成本等指标
元数据
Slug skill-advisor
版本 1.2.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 3
常见问题

skill-advisor 是什么?

Evaluate OpenClaw skills before installation. Use when user wants to check a skill's safety, dependencies, popularity, or get an installation recommendation.... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 159 次。

如何安装 skill-advisor?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-advisor」即可一键安装,无需额外配置。

skill-advisor 是免费的吗?

是的,skill-advisor 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

skill-advisor 支持哪些平台?

skill-advisor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 skill-advisor?

由 ToBeWin(@tobewin)开发并维护,当前版本 v1.2.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论