← 返回 Skills 市场
omaression

Skill Auditor & Enhancer

作者 omaression · GitHub ↗ · v1.0.0-alpha · MIT-0
cross-platform ⚠ suspicious
220
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-enhancer
功能描述
Periodically audit all workspace skills, learnings, memory, and configuration files to recommend refactoring, new skill ideas, and workflow improvements. Tri...
安全使用建议
This skill largely implements an internal audit pipeline (scripts are benign and unit-tested), but there are two gaps you should address before installing: - Telegram delivery: the SKILL.md promises automatic Telegram messages but the skill declares no TELEGRAM_BOT_TOKEN, CHAT_ID, or equivalent. Decide where audit messages should go and require explicit, securely stored credentials. Do not rely on implicit or global agent integrations unless you trust them. - Automatic scheduling & data flow: the skill recommends adding a cron job that will read many workspace files (including memory and USER.md) and then deliver results externally. If those files contain secrets or private content, automatic external delivery could leak information. Require a dry-run mode and human approval before enabling scheduled runs or external delivery. Limit the set of files scanned (or redact sensitive files) and verify the 'deliver' step uses only the approved destination. - Validation steps: run the included tests and a dry-run locally to confirm outputs, and inspect any agent-level permissions required to add cron jobs. Add explicit environment variable requirements to the skill metadata (e.g., TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID) and an opt-in confirmation before first send. If you cannot confirm a controlled Telegram target and a secure way to store/send tokens, do not enable the automatic delivery/scheduling features — keep the skill manual and dry-run only.
功能分析
Type: OpenClaw Skill Name: skill-enhancer Version: 1.0.0-alpha The 'skill-auditor' bundle implements an automated weekly audit that ingests the entire workspace—including sensitive core files like SOUL.md, USER.md, and MEMORY.md—and exfiltrates summaries to Telegram and external LLMs without user prompting. While the Python scripts (e.g., build_audit_state.py) perform standard file hashing and scanning, the SKILL.md instructions create a high-risk data exposure path by bypassing human-in-the-loop confirmation for sensitive data delivery. The instructions also reference non-existent model versions (e.g., GPT-5.4), which is anomalous for a standard utility.
能力评估
Purpose & Capability
The skill claims to perform a weekly audit of workspace skills, memory, and config which matches the included scripts (build audit state, merge evaluations, format Telegram). However the SKILL.md also promises automatic delivery to Telegram and cron scheduling while the package declares no required env vars, credentials, or delivery tooling; sending messages externally normally requires a bot token/chat id or a configured platform integration, which is not declared here.
Instruction Scope
Runtime instructions explicitly read broad workspace surface (skills/*/SKILL.md, .learnings, SOUL.md, AGENTS.md, USER.md, memory/*.md, etc.), compute hashes, run multi-model evaluation steps, and then 'send recommendations directly to Telegram without user prompting.' Reading those files is coherent for an auditor, but the instruction to send automatically to Telegram (and the cron command that runs the full pipeline autonomously) grants the skill the ability to transmit potentially sensitive workspace data off-agent without any declared transport auth or per-run confirmation.
Install Mechanism
No install spec is present (instruction-only with helper scripts). This is low-risk from an installation/download perspective: nothing is fetched from external URLs or written to unusual system locations by an installer.
Credentials
The skill declares no required environment variables or credentials, yet its behavior requires a Telegram delivery channel (bot token / chat id) and will likely need the agent's ability to call external models or the network. Absence of any declared TELEGRAM_* env vars or delivery configuration is a mismatch and hides an implicit need for sensitive credentials. Also the agent will read potentially sensitive workspace files (memory, USER.md, etc.) — this is expected for auditing, but combined with automatic external delivery increases exfiltration risk.
Persistence & Privilege
always:false (good) and disable-model-invocation:false (normal). However the SKILL.md recommends adding a scheduled cron job via the agent (openclaw cron add ...) to run weekly; that grants persistent scheduled execution and requires the agent platform to allow creation of such jobs. Scheduling itself is reasonable for a periodic auditor, but users should be aware the skill requests recurring autonomous runs and an automatic delivery channel.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install skill-enhancer
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /skill-enhancer 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0-alpha
Initial release of skill-auditor: automated weekly workspace skill audit and recommendation system. - Periodically audits all skills, memory, and config files with a structured multi-phase pipeline. - Delivers categorized, actionable Telegram recommendations: safe refactors, items needing review, and informational notes. - Uses file hash comparison to minimize redundant analysis and token usage. - Supports both cron-scheduled and manual triggers. - No automatic file edits; all recommendations require explicit user approval before changes. - Includes helper scripts and tests for audit state building, evaluation merging, and Telegram formatting.
元数据
Slug skill-enhancer
版本 1.0.0-alpha
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Skill Auditor & Enhancer 是什么?

Periodically audit all workspace skills, learnings, memory, and configuration files to recommend refactoring, new skill ideas, and workflow improvements. Tri... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 220 次。

如何安装 Skill Auditor & Enhancer?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-enhancer」即可一键安装,无需额外配置。

Skill Auditor & Enhancer 是免费的吗?

是的,Skill Auditor & Enhancer 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Skill Auditor & Enhancer 支持哪些平台?

Skill Auditor & Enhancer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Skill Auditor & Enhancer?

由 omaression(@omaression)开发并维护,当前版本 v1.0.0-alpha。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论