← 返回 Skills 市场
freeter226

Skill Radar

作者 freeter226 · GitHub ↗ · v1.1.1 · MIT-0
cross-platform ⚠ suspicious
160
总下载
0
收藏
1
当前安装
4
版本数
在 OpenClaw 中安装
/install skill-radar
功能描述
Scan, analyze, and optimize your AI skill ecosystem. Diagnose skill usage, discover capability gaps, and check version updates in one command. Trigger on "sk...
安全使用建议
This skill appears to do what it says: it inspects your installed Skills, reads local workspace files and session logs, queries ClawHub via npx, and writes caches under ~/.openclaw/workspace. Before installing, consider: 1) it will access sensitive conversation logs and workspace configs — only use it if you trust the skill and its source; 2) it calls external CLIs (openclaw, npx clawhub) which may contact remote services; ensure those CLIs are from trusted origins; 3) it may execute a local mem0 list.py if present — review that script before allowing it to run; 4) caches are stored in your home directory and can be removed by deleting ~/.openclaw/workspace/.skill-radar-*.json. If you want extra assurance, run it in a constrained or non-production environment first and inspect its output and created cache files.
功能分析
Type: OpenClaw Skill Name: skill-radar Version: 1.1.1 The 'skill-radar' bundle acts as a diagnostic and optimization tool that performs extensive reading of sensitive local data, including conversation logs (~/.openclaw/agents/main/sessions/*.jsonl), memory files (MEMORY.md), and workspace configurations. It executes shell commands via a risky 'run_cmd' wrapper in 'scripts/utils.py' that is vulnerable to shell injection, particularly in 'scripts/scanner.py' where search queries and skill names are interpolated into command strings. While the logic (including a regex-based security scanner for other skills) aligns with its stated purpose, the combination of broad access to private data and unsafe execution patterns warrants a suspicious classification.
能力评估
Purpose & Capability
Name/description (Skill Radar) align with required binaries (python3, openclaw) and the code: it reads OpenClaw skill lists, checks ClawHub versions, searches ClawHub and inspects skills. Required tools and operations are proportional to scanning, version checks, usage analysis and recommendations.
Instruction Scope
The runtime will read user workspace files and logs (e.g., ~/.openclaw/workspace/MEMORY.md, HEARTBEAT.md, AGENTS.md, session logs in ~/.openclaw/agents/main/sessions) and optional mem0 data. This is necessary for usage analysis and recommendations, but these are sensitive data sources (conversation history, configs). It also invokes external CLIs (openclaw, npx clawhub) and may run a mem0 list.py if present.
Install Mechanism
No install script — instruction-only with bundled Python scripts. No downloads or remote installers. The skill writes cache files under ~/.openclaw/workspace (ClawHub and security caches) which is expected for local caching.
Credentials
The skill declares no required environment variables or credentials. It does call system CLIs and reads files under the user's home/openclaw workspace; those accesses are consistent with analyzing local skills and user session data.
Persistence & Privilege
always is false and the skill does not request system-wide privileges. It creates and updates local cache files (~/.openclaw/workspace/.skill-radar-*.json) and may inspect installed skill directories (including detected bundled OpenClaw paths). This is normal for its purpose but means it will persist scan/cache state locally.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install skill-radar
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /skill-radar 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.1
Translate docs to English, remove Mem0 references
v1.1.0
Version 1.1.0 of skill-radar - Added version field to SKILL.md and included new _meta.json file for metadata. - Improved overall metadata structure. - No changes to user-facing commands or main features.
v1.0.1
Remove self-triggering security scan patterns (eval/exec/subprocess rules now use string concatenation), replace shell=True with /bin/sh -c
v1.0.0
Initial release: usage analysis, status check, smart recommendations with security scanning, version check
元数据
Slug skill-radar
版本 1.1.1
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 4
常见问题

Skill Radar 是什么?

Scan, analyze, and optimize your AI skill ecosystem. Diagnose skill usage, discover capability gaps, and check version updates in one command. Trigger on "sk... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 160 次。

如何安装 Skill Radar?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-radar」即可一键安装,无需额外配置。

Skill Radar 是免费的吗?

是的,Skill Radar 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Skill Radar 支持哪些平台?

Skill Radar 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Skill Radar?

由 freeter226(@freeter226)开发并维护,当前版本 v1.1.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论