← 返回 Skills 市场
skill-usefulness-audit
作者
gongyu0918-debug
· GitHub ↗
· v0.2.7
· MIT-0
292
总下载
7
收藏
0
当前安装
10
版本数
在 OpenClaw 中安装
/install skill-usefulness-audit
功能描述
Finds unused, overlapping, risky, or under-evidenced agent skills and produces a cleanup report.
安全使用建议
This skill appears to be a legitimate, local audit tool: it scans installed skill files, usage exports, and conversation history and produces a cleanup report. Before running it, review the included Python script (scripts/skill_usefulness_audit.py) yourself and run it in a trusted environment. Ensure the skills root and any usage/history files you provide do not contain secrets you don't want read by the script. If you require strictly manual-only runs, confirm your platform honors the skill's manual-invocation guidance (or set disable-model-invocation where possible) so the agent cannot call this skill autonomously.
功能分析
Type: OpenClaw Skill
Name: skill-usefulness-audit
Version: 0.2.7
The skill bundle is a comprehensive utility designed to audit the usefulness, quality, and security risk of other installed skills. The core logic in `scripts/skill_usefulness_audit.py` performs static analysis, usage tracking, and risk scanning (detecting patterns like `curl|bash`, `eval`, or access to `.ssh` in other bundles). While the script requires broad read access to the skills directory and history logs to function, its behavior is strictly aligned with its stated purpose, and there is no evidence of data exfiltration, unauthorized execution, or malicious intent.
能力评估
Purpose & Capability
The name/description (audit installed skills for usefulness/risk) matches the provided artifacts: a detailed SKILL.md, an ablation protocol, scoring rubric, and a Python audit script. The included script and references are proportionate to implementing a local audit tool.
Instruction Scope
Runtime instructions explicitly require collecting installed-skills metadata, usage files, history transcripts, and local references, then scoring and producing reports. Those actions are within scope for a skill-audit tool. The SKILL.md emphasizes manual trigger only and describes which files to read; it does not instruct uploading data to external services.
Install Mechanism
There is no install spec (instruction-only) and the repository includes a Python script the user runs locally. No external downloads or package installs are required by the bundle itself, which reduces supply-chain risk.
Credentials
The skill declares no required environment variables, binaries, or credential access. It reads local skill files, usage exports, and history transcripts for audit evidence — appropriate for this purpose. The code contains risk-detection regexes for protected-path patterns (e.g., .ssh, .aws) but does not itself request those credentials.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. SKILL.md requests manual invocation only. Registry metadata shows model-invocation is allowed by default (disable-model-invocation: false), which could allow autonomous invocation depending on platform enforcement; agents/openai.yaml sets allow_implicit_invocation: false. This is a minor policy mismatch to be aware of but not an indication of malicious intent.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-usefulness-audit - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-usefulness-audit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.7
Fix script burden detection, refresh stale ablation candidates, and improve mixed-language context estimates
v0.2.6
Add quality burden scoring, cost-efficient ablation planning, and model-cost reduction estimates
v0.2.5
Improve README positioning, shorten ClawHub summary, and add score/report breakdowns
v0.2.4
Use lifetime community signals, improve history fallback recall, remove redundant risk reads, and validate bundle drift in CI
v0.2.3
Fix duplicate-name evidence routing, make bundle sync CRLF-safe, add missing-file warnings, and tighten risk scanning
v0.2.2
Reduce ClawHub scan false positives, rename protected-path risk labels, and keep audit behavior intact
v0.2.1
Fix duplicate-name evidence routing, doc-only risk false positives, host-prompt history inflation, and README quickstart
v0.2.0
Recency-weighted evidence, confidence score, risk scan, and offline community metrics
v0.1.1
Compatibility expansion and bilingual introduction
v0.1.0
Initial release
元数据
常见问题
skill-usefulness-audit 是什么?
Finds unused, overlapping, risky, or under-evidenced agent skills and produces a cleanup report. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 292 次。
如何安装 skill-usefulness-audit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-usefulness-audit」即可一键安装,无需额外配置。
skill-usefulness-audit 是免费的吗?
是的,skill-usefulness-audit 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
skill-usefulness-audit 支持哪些平台?
skill-usefulness-audit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 skill-usefulness-audit?
由 gongyu0918-debug(@gongyu0918-debug)开发并维护,当前版本 v0.2.7。
推荐 Skills