odrobnik

Skill Review

Author: Oliver Drobnik · GitHub ↗ · v0.2.4
cross-platform ✓ Security check passed
Total downloads: 1208
Favorites: 2
Current installs: 4
Versions: 8
Install in OpenClaw
/install skill-review
Description
Scrape ClawHub skill pages for Security Scan (VirusTotal/OpenClaw) + Runtime Requirements + Comments for all of Oliver's local skills, and write a markdown r...
Security usage advice
This skill appears to do what it says: it scans your local skills' SKILL.md to form ClawHub slugs, loads each ClawHub page in a headless browser (Playwright), extracts security scan summaries, and uses your VirusTotal API key (or ~/.openclaw/.env fallback) to enrich results. Before running: inspect scripts/skill_review.py and suppressions.json yourself (they're bundled), decide whether you are comfortable providing your VIRUSTOTAL_API_KEY (the script will use it to query VT and may cause VT requests tied to your key), and be aware that installing Playwright will download Chromium/brand binaries from upstream. If you don't want network access for a run, don't execute the script — it visits external sites (clawhub.ai and VirusTotal) by design.
Functional analysis
Type: OpenClaw Skill
Name: skill-review
Version: 0.2.4
The skill is designed to scrape security scan results from ClawHub and VirusTotal for local skills. It accesses local skill definitions under `~/Developer/Skills` (user-configurable), makes network requests to `clawhub.ai` and `virustotal.com`, and writes a report to `/tmp/`. The `VIRUSTOTAL_API_KEY` is handled securely via environment variables or `~/.openclaw/.env`. All observed behaviors, including file system access and network calls, are directly aligned with its stated purpose. There is no evidence of data exfiltration, malicious execution, persistence, or prompt injection attempts against the agent in `SKILL.md`.
Capability assessment
Purpose & Capability
The skill says it scrapes ClawHub pages and gathers Security Scan (VirusTotal/OpenClaw) info and runtime requirements for local skills. It requires python3 and VIRUSTOTAL_API_KEY and uses Playwright to render client-side content — all of which are coherent with that goal.
Instruction Scope
Runtime instructions and included script enumerate local skill folders (SKILL.md), derive slugs, visit https://clawhub.ai/<owner>/<slug>, expand page details, and extract Security Scan / Runtime / Comments. The script only reads SKILL.md, optional slug-map, and a local suppressions.json (next to the script or in parent) and may read ~/.openclaw/.env as a fallback for the VT key. It does not attempt to read unrelated system files or credentials.
Install Mechanism
No install spec is provided (instruction-only with bundled script). The script depends on Playwright (Python) and therefore the user will likely install the playwright package and download Chromium via 'playwright install chromium' — this downloads a browser binary from upstream, which is expected but worth noting as an external binary download.
Credentials
Only VIRUSTOTAL_API_KEY is required (declared). The script legitimately uses the VT key to query VirusTotal and implements client-side rate limiting. The only other env-read behavior is a fallback to ~/.openclaw/.env to find the same key; no unrelated secrets or credentials are requested.
Persistence & Privilege
The skill is user-invocable and not set to always: true. It writes an output markdown to the specified --out path (example /tmp/) and may create Playwright browser artifacts if you install Playwright, but it does not persistently modify other skills or system-wide agent settings.
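How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install skill-review
  3. Once installation completes, call the Skill by name or trigger it with /skill-review
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history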
v0.2.4
fix: use /Users/oliver/clawd for workspace root to preserve symlink paths
v0.2.3
Fix env var declarations: move into requires.env as array (ClawHub metadata recognition)
v0.2.2
Declare missing dependencies, env vars, and sensitivity in metadata
v0.2.1
Rename .clawdhubignore to .clawhubignore
v0.2.0
Refactor: move setup/prerequisites to SETUP.md, keep SKILL.md lean
v0.1.2
MD formatting: avoid duplicating Security Scan raw fallback when DOM scrape succeeds.
v0.1.1
Scraper improvements: wait for client-side render; extract Security Scan from DOM (VT link + OpenClaw details); add --only.
v0.1.0
Initial release: scrape ClawHub Security Scan + Runtime requirements + Comments for all local skills (Playwright).
Metadata
Slug skill-review
Version 0.2.4
License
Total installs 5
Current installs 4
Historical versions 8
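FAQ

What is Skill Review?

Scrape ClawHub skill pages for Security Scan (VirusTotal/OpenClaw) + Runtime Requirements + Comments for all of Oliver's local skills, and write a markdown r... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1208 total downloads so far.

How do I install Skill Review?

Run the command "/install skill-review" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Skill Review free?

Yes, Skill Review is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Skill Review support?

Skill Review runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Skill Review?

It is developed and maintained by Oliver Drobnik (@odrobnik); the current version is v0.2.4.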
