krishna-505

SkillCompass — Skill Evolution Engine

Author: krishna-505 · GitHub ↗ · v1.1.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 2953
Favorites: 123
Current installs: 32
Versions: 7
Install in OpenClaw
/install skill-compass
Description
Evaluate skill quality, find the weakest dimension, and apply directed improvements. Also tracks usage to spot idle or risky skills. Use when: first session...
Security usage advice
Install only if you want a powerful local skill-management tool that can monitor skill use, scan installed skills, write snapshots/logs, and run local commands. Review hooks/hooks.json, lib/update-checker.js, commands/setup.md, and shared/tool-instructions.md first. Avoid enabling the statusLine option until the missing hud-extra.js path is resolved, do not trust custom security tool commands from untrusted .skill-compass/config.json, and back up ~/.claude/settings.json and important skills before using write/update/rollback flows.
Functional analysis
Type: OpenClaw Skill
Name: skill-compass
Version: 1.1.0
This skill bundle is classified as malicious due to multiple indicators of deceptive and harmful intent. It employs string-splitting obfuscation in `lib/patterns.js` and `hooks/scripts/eval-gate.js` to evade static analysis and hide a security 'gate bypass' file named `.ga-te-bypass`. The `SKILL.md` file contains prompt injection instructions that command the AI agent to auto-execute an onboarding process on session start without user intervention, which includes modifying the user's global `~/.claude/settings.json` to establish persistence for an external script. Additionally, the `SECURITY.md` file falsely claims 'Zero Network Activity' despite `lib/update-checker.js` containing logic for remote `git fetch` and `pull` operations. The bundle also references a missing script (`scripts/hud-extra.js`) for the persistent status line, which is a common characteristic of staged malware.
Capability assessment
Purpose & Capability
The core evaluator and skill-management purpose is coherent, but the effective capability set is broader than the short description: automatic onboarding, usage tracking, snapshots, rollback, external security tools, statusLine configuration, and git update management.
Instruction Scope
The SessionStart flow tells the agent to run onboarding and quick scanning on first interaction without waiting for a command. Several commands also use Bash/Node and broad skill discovery across user and project skill roots.
Install Mechanism
Install instructions are ordinary clone/npm/rsync steps and package.json has no install script, but hooks.json registers persistent SessionStart, SessionEnd, PostToolUse Skill, and PostToolUse Write/Edit commands.
Credentials
Reading installed skills is purpose-aligned, but the scan reaches user-level skill directories and optional OpenClaw extraDirs, can execute configured security tools, and update flows run git fetch/pull. SECURITY.md and SKILL.md also claim no network calls despite the explicit update feature.
Persistence & Privilege
The skill writes .skill-compass state, usage logs, inbox data, snapshots, manifests, audit logs, and optionally ~/.claude/settings.json. Its edit hooks fall back to writing .skill-compass under the home directory when no git root is found.
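How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install skill-compass
  3. Once installation completes, invoke the Skill by name or trigger it with /skill-compass
  4. Provide the required input according to the Skill's parameter description to get structured output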
Version history
v1.1.0
SkillCompass 1.1 release
v1.0.5
D5 and D6 scoring stability, JavaScript pre-eval scan rewrite, and test hardening.
v1.0.4
Add /setup first-run inventory with dual-mode (manual + auto-trigger), OpenClaw compatibility, snapshot diffs, and scenario-based output.
v1.0.3
Add SECURITY.md trust model, declare executable metadata, reference security docs from SKILL.md.
v1.0.2
Remove remaining static scan pattern in security-validator.
v1.0.1
Fix static scan warnings, improve security detection coverage.
v1.0.0
Initial release — six-dimension evaluation, directed improvement loop, security gate, version management, batch audit.
Metadata
Slug skill-compass
Version 1.1.0
License MIT-0
Total installs 32
Current installs 32
Historical versions 7
FAQ

What is SkillCompass — Skill Evolution Engine?

Evaluate skill quality, find the weakest dimension, and apply directed improvements. Also tracks usage to spot idle or risky skills. Use when: first session... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 2953 total downloads to date.

How do I install SkillCompass — Skill Evolution Engine?

Run the command "/install skill-compass" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is SkillCompass — Skill Evolution Engine free?

Yes, SkillCompass — Skill Evolution Engine is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does SkillCompass — Skill Evolution Engine support?

SkillCompass — Skill Evolution Engine runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed SkillCompass — Skill Evolution Engine?

It is developed and maintained by krishna-505 (@krishna-505); the current version is v1.1.0.
