← 返回 Skills 市场
495
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-recommender
功能描述
Find, filter, cluster, and recommend similar OpenClaw skills by intent, function, or use case. Use when the user wants to find同类 skill、比较多个相近 skill、判断哪个 skil...
安全使用建议
This skill appears to be what it says: a local recommender that reads SKILL.md files in a skills directory and ranks/clusters them. Before installing or running it: (1) Confirm you intend to let it read the specified skills_dir — any SKILL.md files there will be read; avoid pointing it at directories that contain secrets. (2) Be aware of a correctness issue: match-type labels may underrepresent confidence because scoring and label thresholds are misaligned. (3) If you want extra assurance, inspect the three scripts yourself or run them against a small test directory in a sandboxed environment to verify behavior. No network calls or secret exfiltration were found in the code.
功能分析
Type: OpenClaw Skill
Name: skill-recommender
Version: 0.1.0
The skill bundle contains scripts (recommend_skills.js, check_skill_dedup.js, cluster_skills.js) that perform file system operations based on user-provided directory paths without sanitization, creating a potential path traversal vulnerability. Additionally, SKILL.md includes a hardcoded absolute path belonging to a specific local user ('/Users/jianghaidong/'), which is a minor information leak and suggests the code may not have been properly audited for distribution. While the logic appears aligned with the stated purpose of recommending skills, the lack of input validation on file paths is a security flaw.
能力评估
Purpose & Capability
Name/description match the included scripts: recommend, cluster, and dedup checks over a skills directory. One implementation mismatch: recommend_skills.js uses an absolute scoring scale (adds 30/18/12 points per match) while inferMatchType expects scores like 80/60/40; this will make high-confidence match labels unlikely even for good matches (functional correctness issue, not a security issue).
Instruction Scope
SKILL.md instructs the agent to scan a local skills directory and read SKILL.md metadata — this is coherent with the recommender purpose. This behavior reads only SKILL.md files and folder names (the scripts call fs.readFileSync on SKILL.md) and does not call external endpoints. Consider that any sensitive information present in SKILL.md files will be read and used by the skill (privacy consideration).
Install Mechanism
No install spec (instruction-only with bundled scripts). No downloads, no package installs, and scripts are plain Node.js using fs/path — low install risk.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The filesystem access it needs (a skills directory) is proportional to its stated purpose.
Persistence & Privilege
always is false and the skill does not request to persist configuration or modify other skills. It runs locally against a user-specified directory and does not try to elevate privileges or change agent/system settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-recommender - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-recommender触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial publish
元数据
常见问题
skill-recommender 是什么?
Find, filter, cluster, and recommend similar OpenClaw skills by intent, function, or use case. Use when the user wants to find同类 skill、比较多个相近 skill、判断哪个 skil... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 495 次。
如何安装 skill-recommender?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-recommender」即可一键安装,无需额外配置。
skill-recommender 是免费的吗?
是的,skill-recommender 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
skill-recommender 支持哪些平台?
skill-recommender 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 skill-recommender?
由 haidong(@harrylabsj)开发并维护,当前版本 v0.1.0。
推荐 Skills