← 返回 Skills 市场
266
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-guardian
功能描述
Safely manage your AI skill collection with trust scoring, security vetting, delayed auto-updates, and pending periods for new skills. Use when adding new sk...
安全使用建议
What to check before installing or scheduling Skill Guardian:
- Vetting is not implemented in the code provided: add_skill calls a vetter subprocess but returns a placeholder trust score (80) instead of parsing real vetter output. Confirm that a trustworthy skill-vetter (and its scripts/vet.py) exists at the expected path and inspect it before relying on automated vetting.
- The scripts will invoke the clawhub CLI to list and update skills. apply_updates will run 'clawhub update', which can download and install third-party code — that's the intended function, but it means a compromised or malicious package reachable via clawhub could be installed automatically based on registry entries.
- auto_run uses shell=True to run commands and the README/crontab examples reference running under /root/.openclaw/workspace. Avoid adding the cron entries as root until you've tested behavior in a safe, non-privileged environment.
- The check_updates parsing is brittle (parses clawhub list output by splitting lines). Expect false positives/negatives; consider testing check_updates/apply_updates with dry-run to see what would happen.
- Before trusting automatic promotions/updates, manually inspect assets/skill-registry.json and the contents of skill-vetter and any skills you add. Prefer initially running scripts manually (use --dry-run where available) and validate that vetter output and trust-score calculations match the policy described in references/trust-ratings.md.
If you want to proceed: (1) run the vetter scripts manually and inspect their code, (2) run check_updates/apply_updates with --dry-run, (3) test scheduling in a non-root account, and (4) back up your workspace/registry file so you can roll back if an unexpected update is applied.
功能分析
Type: OpenClaw Skill
Name: skill-guardian
Version: 1.0.0
The Skill Guardian bundle is a utility designed to manage and secure an AI agent's skill collection by implementing trust scores, security vetting, and mandatory waiting periods for updates. The Python scripts (e.g., add_skill.py, apply_updates.py) interact with the clawhub CLI and local vetting tools to automate skill lifecycle management. While the scripts use subprocess execution and suggest cron-based persistence for automation, these behaviors are transparently documented and align strictly with the stated purpose of providing a defensive layer against supply chain attacks.
能力评估
Purpose & Capability
Name/description match the code: registry management, pending periods and trust-based updates are implemented. However the vetting step is effectively a placeholder (vet_skill returns a hard-coded trust_score and does not parse vetter output), so the claim 'Auto-scans every skill before adding' is misleading unless you provide/verify a working skill-vetter implementation.
Instruction Scope
Runtime instructions and scripts execute other programs (clawhub CLI and a skill-vetter script) and write a local registry JSON. add_skill calls an external vet.py via subprocess, check_updates runs 'clawhub list', and apply_updates runs 'clawhub update' which will fetch and install external code — these are expected for an updater but grant the skill the ability to trigger installation/execution of other skills. auto_run uses shell=True to invoke commands, which is more brittle and increases risk if paths are manipulated.
Install Mechanism
No install spec — instruction-only plus included Python scripts. Nothing is downloaded by the skill itself; external downloads happen via the clawhub CLI when you run updates (expected for an updater).
Credentials
No environment variables or secrets requested. Required components (Python, clawhub CLI, skill-vetter) are relevant to the stated purpose. The number and type of external requirements are proportionate to a registry/updater tool.
Persistence & Privilege
always:false (no forced always-on). The documentation recommends adding cron jobs and even shows examples using /root/.openclaw/workspace — running scheduled jobs as root or modifying system crontab increases risk and should be considered carefully. The skill will run periodically and may auto-update other skills if scheduled.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-guardian - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-guardian触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of Skill Guardian – automated, secure AI skill management.
- Adds trust scoring and security vetting for new and existing skills.
- Implements delayed auto-updates (10 days) for non-high-trust skills; immediate update for trust ≥90.
- Introduces a 5-10 day pending period before new skills become active.
- Provides CLI tools for listing, adding, updating, and processing skills with safety checks.
- Supports automated scheduling via cron for hands-free operation.
- Detailed documentation included for setup, workflows, and best practices.
元数据
常见问题
Skill Guardian 是什么?
Safely manage your AI skill collection with trust scoring, security vetting, delayed auto-updates, and pending periods for new skills. Use when adding new sk... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 266 次。
如何安装 Skill Guardian?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-guardian」即可一键安装,无需额外配置。
Skill Guardian 是免费的吗?
是的,Skill Guardian 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Skill Guardian 支持哪些平台?
Skill Guardian 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Skill Guardian?
由 liefqin(@liefqin)开发并维护,当前版本 v1.0.0。
推荐 Skills