← 返回 Skills 市场
Skill Factory
作者
jeremysommerfeld8910-cpu
· GitHub ↗
· v1.0.0
875
总下载
0
收藏
6
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-factory
功能描述
Create, evaluate, improve, benchmark, and publish OpenClaw skills. Use when building a new skill from scratch, iterating on an existing skill, running evals...
安全使用建议
This skill appears to do what it says: scaffold skills, validate frontmatter, scan installed skill SKILL.md files to synthesize patterns, and package skill folders. Before running: 1) Inspect the bundled scripts (they are included) to confirm behavior (they are plain Python). 2) Be aware analyze_patterns.py will read SKILL.md and related files under your skills directories (defaults include ~/.openclaw/workspace/skills and an openclaw path under ~/.nvm); avoid running it against directories that contain secrets you don't want aggregated. 3) When using init_skill or package_skill, pass explicit paths rather than relying on example find commands so you control what gets created or packaged. 4) If you plan to run these tools in an automated or shared environment, run them in a sandbox first to verify outputs. Overall the package is internally consistent and does not ask for extra credentials or perform unexpected network calls.
功能分析
Type: OpenClaw Skill
Name: skill-factory
Version: 1.0.0
The skill bundle is classified as suspicious due to inherent risks associated with its core functionality of creating, packaging, and analyzing other skills, which involves executing shell commands and broad file system access. Specifically, the `SKILL.md` instructs the AI agent to execute Python scripts with user-provided input (e.g., `<skill-name>`), creating a potential prompt injection vector against the agent, even though the `init_skill.py` script itself includes input sanitization. Additionally, the `SKILL.md` uses a `find` command to locate its own scripts, which could be vulnerable to path manipulation if a malicious script with the same name were planted in an earlier search path. While these capabilities are necessary for the skill's stated purpose, they represent significant vulnerabilities that could be exploited, though there is no clear evidence of intentional malicious behavior like data exfiltration or backdoors within the provided code.
能力评估
Purpose & Capability
Name/description (create/evaluate/package/analyze skills) match the included scripts and files: init_skill.py (scaffold), analyze_patterns.py (scan/analyze installed skills), package_skill.py (zip .skill), quick_validate.py (frontmatter checks). The default scan paths and helper commands relate to managing OpenClaw skills and are expected for this meta-skill.
Instruction Scope
SKILL.md instructions direct the agent/operator to run the bundled Python scripts and to read SKILL.md files in the user's skills directories; that is coherent with analyzing and synthesizing skill patterns. The workflow does not instruct reading arbitrary unrelated system files or sending data to external endpoints. Note: some example commands use find across ~/.nvm and call the openclaw CLI to locate skill paths — these will examine files under those directories (expected for pattern analysis).
Install Mechanism
There is no install spec; this is an instruction-only skill with bundled helper scripts. No remote downloads or archive extraction are performed by an installer. Running the scripts executes local Python code included in the bundle.
Credentials
The skill requests no environment variables or credentials. However, analyze_patterns.py and the examples scan user skill directories (default: ~/.openclaw/workspace/skills and an openclaw path under ~/.nvm). That means the tool will read many local SKILL.md and related files under those locations — expected for its purpose, but you should ensure those directories do not contain sensitive secrets you don't want aggregated into reports or stdout.
Persistence & Privilege
always:false and there is no code that modifies other skills' configurations or global agent settings. init_skill.py will create new skill directories when invoked (normal scaffolding behavior). package_skill.py writes .skill archives of specified folders — all actions are local and scoped to user-specified paths.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-factory - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-factory触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of skill-factory: A toolkit for creating, evaluating, improving, and publishing OpenClaw skills.
- Supports six modes: create, eval, improve, benchmark, analyze patterns, synthesize from patterns.
- Provides guided workflow for building new skills from scratch or iterating on existing ones.
- Includes built-in scripts for skill packaging, evaluation, and pattern analysis.
- Documents best practices for SKILL.md structure, versioning, and output formats.
- Offers resources for extracting and reusing patterns across installed skills.
- Supplies automation for blind benchmarking and maintaining skill version history.
元数据
常见问题
Skill Factory 是什么?
Create, evaluate, improve, benchmark, and publish OpenClaw skills. Use when building a new skill from scratch, iterating on an existing skill, running evals... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 875 次。
如何安装 Skill Factory?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-factory」即可一键安装,无需额外配置。
Skill Factory 是免费的吗?
是的,Skill Factory 完全免费(开源免费),可自由下载、安装和使用。
Skill Factory 支持哪些平台?
Skill Factory 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Skill Factory?
由 jeremysommerfeld8910-cpu(@jeremysommerfeld8910-cpu)开发并维护,当前版本 v1.0.0。
推荐 Skills