← 返回 Skills 市场
skill-optimizer
作者
rampagepeter
· GitHub ↗
· v1.0.0
650
总下载
0
收藏
9
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-optimizer
功能描述
Analyzes AI conversation logs to evaluate skill performance and generate optimization suggestions. Use when user mentions "优化技能", "迭代技能", "skill optimization...
安全使用建议
This skill can analyze logs and will offer concrete edits — including directly editing another skill's SKILL.md after you confirm. Before installing or invoking it: 1) Be sure you trust the skill author and back up any skills you permit it to modify (export or copy SKILL.md). 2) Never provide paths to system or sensitive files; only point it at the specific skill files you want changed. 3) Require the agent to show a diff and ask for an additional explicit approval step before any write is performed. 4) Prefer running it in a sandbox or repository copy rather than letting it edit production skill files. 5) If you need assurance, ask the author to declare required config paths/permissions and to include a dry-run mode that outputs changes without writing them.
功能分析
Type: OpenClaw Skill
Name: skill-optimizer
Version: 1.0.0
The `SKILL.md` file contains instructions that pose significant security risks. Specifically, Phase 1 instructs the AI agent to "读取文件" (read file) based on user-provided paths, creating a Local File Inclusion (LFI) vulnerability. Furthermore, Phase 4 instructs the agent to "直接修改目标技能的 SKILL.md" (directly modify the target skill's SKILL.md), granting arbitrary file write capabilities to skill definitions. These explicit instructions to perform file system operations based on user input represent a direct prompt injection surface, allowing potential attackers to read sensitive files and inject malicious instructions into other skills for persistence or privilege escalation.
能力评估
Purpose & Capability
The SKILL.md expands the published description by adding an active modification step: after producing suggestions it will '直接修改目标技能的 SKILL.md' (directly edit the target skill's SKILL.md). The registry-level description presented to users did not clearly state this write behavior, so the skill's capabilities are broader than its top-level description suggests.
Instruction Scope
Runtime instructions explicitly tell the agent to: read conversation text (or read files from user-supplied paths), discover and read the target skill's SKILL.md, and—after user confirmation—directly modify that SKILL.md. Reading arbitrary file paths and writing to other skill files are high-scope actions that may touch unrelated or sensitive files if misused. The SKILL.md does require user confirmation before edits, but the ability to edit other skills is central and potentially dangerous.
Install Mechanism
Instruction-only skill with no install spec, no downloaded code, and no binaries. This minimizes supply-chain risk.
Credentials
The skill requests no environment variables or credentials, which superficially seems safe. However, the instructions rely on filesystem access to read arbitrary file paths and to modify other skills' SKILL.md files—access that is not declared in 'required config paths' or metadata. This mismatch between declared requirements and actual file read/write behavior is concerning.
Persistence & Privilege
The skill is not always-enabled (always: false), and it asks for user confirmation before making edits, which reduces autonomous risk. Nonetheless, it explicitly modifies other skills' files (SKILL.md), which is a permission beyond typical read-only analysis. The registry metadata does not declare or limit this write privilege.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-optimizer - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-optimizer触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
skill-optimizer 1.0.0
- Initial release of the skill-optimizer.
- Analyzes AI conversation logs to evaluate skill performance, comparing real interactions with design intent.
- Generates actionable optimization reports with prioritized suggestions for SKILL.md improvements.
- Supports analysis across trigger accuracy, workflow execution, output quality, user interaction, and instruction effectiveness.
- Guides users through report confirmation and assists with direct SKILL.md modifications based on approved suggestions.
元数据
常见问题
skill-optimizer 是什么?
Analyzes AI conversation logs to evaluate skill performance and generate optimization suggestions. Use when user mentions "优化技能", "迭代技能", "skill optimization... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 650 次。
如何安装 skill-optimizer?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-optimizer」即可一键安装,无需额外配置。
skill-optimizer 是免费的吗?
是的,skill-optimizer 完全免费(开源免费),可自由下载、安装和使用。
skill-optimizer 支持哪些平台?
skill-optimizer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 skill-optimizer?
由 rampagepeter(@rampagepeter)开发并维护,当前版本 v1.0.0。
推荐 Skills