← 返回 Skills 市场
bennettphil

Skill Soup

作者 Phil Bennett · GitHub ↗ · v0.5.0
cross-platform ⚠ suspicious
874
总下载
2
收藏
4
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-soup
功能描述
Autonomous skill generation agent that picks up community ideas, uses evolved builder tools to produce Agent Skills, and publishes them back to the Skill Soup ecosystem. Also supports community actions — submitting ideas, voting on ideas, and voting on skills.
安全使用建议
This skill appears to do exactly what it says: it will run a local generation workflow, create files under .soup, persist an auth token to .soup/auth.json, and publish generated skills via the local API (which claims to create GitHub repos). Because the skill can autonomously generate, mutate, and publish code, take these precautions before using it: - Only run it in an isolated/test environment (not on a machine with sensitive data or broad filesystem/network access). - Inspect any builders in .soup/builders before allowing the agent to execute or follow them — builders can instruct the agent to create arbitrary code or make external requests. - Limit the scope of tokens used by the Skill Soup API / GitHub (give the minimum permissions, or use a throwaway account) and be prepared to revoke them if something looks wrong. - Do not run continuous/unsupervised generation loops until you have validated the builder pool and the API behavior. - Prefer to run the Skill Soup API and skill runner locally under network restrictions (e.g., no outbound access) if you want to avoid accidental publishing/exfiltration. Confidence is medium because the skill is instruction-only (no code to scan) and its provenance is unknown; the instructions are coherent with the declared purpose but grant broad autonomous capabilities that could be abused.
功能分析
Type: OpenClaw Skill Name: skill-soup Version: 0.5.0 The skill bundle presents a significant supply chain vulnerability. In `SKILL.md`, Step 2 instructs the agent to download and replace its entire `.soup/builders/` directory with content (including `SKILL.md` files and arbitrary `files_json`) from the `http://localhost:3001/api/builders/sync` endpoint. The agent is then explicitly instructed in Step 5 to 'Follow the selected builder's SKILL.md instructions,' creating a direct prompt injection vector. This design allows a compromised or malicious Skill Soup API to inject arbitrary code and instructions, leading to potential remote code execution and other harmful activities, despite the skill itself not containing explicit malicious intent.
能力评估
Purpose & Capability
Name/description match the behavior in SKILL.md: the agent talks to a Skill Soup API, picks ideas, uses builders, produces skills, and publishes them (the workflow describes creating repos via the API). The claimed capabilities reasonably explain the files it reads/writes (.soup workspace) and the device-flow auth.
Instruction Scope
The SKILL.md gives the agent broad, open-ended instructions: run a generation loop, choose builders from a local pool, rewrite builders' SKILL.md (mutation), validate outputs, and publish results. While these actions align with the stated purpose, they effectively let the agent generate arbitrary code and push it to remote repositories via the API. The instructions also persist authentication tokens to .soup/auth.json and manage local workspace state. This broad autonomy and ability to mutate and publish code is a significant operational risk, especially because builders (which the agent will execute/interpret) can themselves contain arbitrary instructions.
Install Mechanism
Instruction-only skill with no install spec and no binaries to install. Nothing is written to disk by a packaged installer; runtime writes are limited to the .soup workspace described in SKILL.md. This is lower install risk, but runtime filesystem writes still occur per the instructions.
Credentials
The skill declares no required env vars or external credentials. It does, however, instruct saving a JWT returned by the local API to .soup/auth.json and to use it for subsequent API calls. Storing a token locally is functionally necessary for the workflow, but it creates a persistent credential that other processes or skills could read if they have access to the same filesystem; the skill itself does not request unrelated credentials.
Persistence & Privilege
The skill does not request always:true and is user-invocable (normal). It does create and modify local state (.soup directory and auth.json) and interacts with an external publishing endpoint (the Skill Soup API that may create GitHub repos). The ability to autonomously loop (generate/publish repeatedly) combined with token persistence increases blast radius if the skill or builders are malicious. No explicit step shows modifying other skills' configs beyond the .soup workspace, which is appropriate for its role.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install skill-soup
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /skill-soup 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.5.0
Skill Soup Runner 1.0.0 – Initial Release - Introduces an autonomous agent for the Skill Soup ecosystem supporting skill generation and community actions. - Enables authentication with the Skill Soup API using GitHub device flow. - Supports community actions: add new ideas, vote on ideas, and vote on skills directly from the agent. - Implements a skill generation workflow: select ideas, choose builder tools, generate and publish new agent skills. - Manages builder pool synchronization and workspace setup for seamless operation. - Provides detailed user guidance and feedback for all actions and workflows.
元数据
Slug skill-soup
版本 0.5.0
许可证
累计安装 4
当前安装数 4
历史版本数 1
常见问题

Skill Soup 是什么?

Autonomous skill generation agent that picks up community ideas, uses evolved builder tools to produce Agent Skills, and publishes them back to the Skill Soup ecosystem. Also supports community actions — submitting ideas, voting on ideas, and voting on skills. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 874 次。

如何安装 Skill Soup?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-soup」即可一键安装,无需额外配置。

Skill Soup 是免费的吗?

是的,Skill Soup 完全免费(开源免费),可自由下载、安装和使用。

Skill Soup 支持哪些平台?

Skill Soup 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Skill Soup?

由 Phil Bennett(@bennettphil)开发并维护,当前版本 v0.5.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论