← 返回 Skills 市场
329
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-auto-use
功能描述
Automatically use installed skills without being asked. Maintain a trigger table that maps contexts to skills, and enforce that every newly installed skill g...
安全使用建议
This skill is a policy that tells your agent to automatically run any installed skill that matches a trigger and to persist trigger rules in workspace files. It doesn't install code or ask for credentials itself, but it hands the agent broad authority to call other skills (some of which may contact external services or access sensitive data) without asking you. Before installing, consider: (1) only enable auto-use for non-sensitive skills, (2) maintain an explicit allowlist/denylist (do not auto-add skills that use external APIs or have write/destructive actions), (3) require explicit user consent for any skill that accesses external services or credentials, (4) avoid making this policy permanent in shared workspaces, and (5) test in a safe environment to ensure it doesn't cause loops or mass invocations. If you want to retain manual control, prefer leaving the skill uninstalled or set the agent policy so skills are only used after explicit user confirmation (or set disable-model-invocation to true).
功能分析
Type: OpenClaw Skill
Name: skill-auto-use
Version: 1.0.0
The skill 'skill-auto-use' (SKILL.md) instructs the AI agent to bypass user confirmation and automatically execute installed skills based on context triggers. It mandates the creation of a 'trigger table' and uses strong imperative language ('No exceptions', 'Don't ask... Just use it') to override default safety behaviors. While intended for automation, this behavior significantly increases the risk of unauthorized or unintended tool execution by removing human-in-the-loop oversight.
能力评估
Purpose & Capability
The name/description (auto-use installed skills via a trigger table) matches the SKILL.md: it is a policy/instruction set for automatic skill invocation and for maintaining trigger metadata. There are no unrelated required binaries, env vars, or install steps, so purpose and requested resources align.
Instruction Scope
The instructions direct the agent to automatically scan triggers on every user message and 'use' matching skills without asking the user, to add a trigger row immediately when any skill is installed, and to store these rules in workspace files (e.g., memory/protocols.md or skill-triggers.md). This gives the agent broad discretion to invoke arbitrary installed skills (including those that perform network calls or destructive actions) and to modify persistent workspace policy. The guidance is also vague about safeguards, consent, or limits, and it explicitly allows invoking multiple skills per message—raising risks of unintended data sharing, repeated/looping invocations, and complex multi-skill side effects.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is low risk from a code-installation/execution perspective because nothing is downloaded or written by the package itself; the runtime behavior depends entirely on the agent following SKILL.md.
Credentials
The skill requests no credentials or environment variables itself. However, its policy requires adding triggers for every installed skill and auto-invoking them; that can cause the agent to exercise other skills that do require credentials or access sensitive data. The skill does not provide any guidance for excluding credentialed or privacy-sensitive skills from auto-use, which makes the overall approach disproportionate in practice.
Persistence & Privilege
While always:false and autonomous invocation is the platform default, the SKILL.md explicitly instructs creating/maintaining persistent trigger files and a permanent 'installation rule' that every installed skill must be added to the trigger table immediately. That effectively grants persistent, cross-session behavioral changes to the agent and enshrines automatic invocation as policy. Without explicit consent or safeguards, this persistent policy can have a significant blast radius (privacy, data exfiltration, or automated actions).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-auto-use - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-auto-use触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release. Auto-trigger installed skills by context matching.
元数据
常见问题
Skill Auto-Use 是什么?
Automatically use installed skills without being asked. Maintain a trigger table that maps contexts to skills, and enforce that every newly installed skill g... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 329 次。
如何安装 Skill Auto-Use?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-auto-use」即可一键安装,无需额外配置。
Skill Auto-Use 是免费的吗?
是的,Skill Auto-Use 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Skill Auto-Use 支持哪些平台?
Skill Auto-Use 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Skill Auto-Use?
由 kapslap(@kapslap)开发并维护,当前版本 v1.0.0。
推荐 Skills