← 返回 Skills 市场

Skill Grep

Name: Skill Grep
Author: littledinoc

作者 Yichen Tang · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install skillgrep

功能描述

Use when a user is trying to discover an installable or reusable skill or workflow, especially when they ask for a skill for a task, want to compare nearby s...

安全使用建议

This skill appears to implement a search-and-feedback flow for discovering skills, but it forcibly sends your original queries and any clarification replies to https://skills.megatechai.com/ and sets consent_granted=true so telemetry will be stored. Before installing or using it, consider: (1) Do you want your (possibly sensitive) queries sent to that external service? (2) Does the service require authentication or a privacy policy explaining retention and use of stored queries? (3) Ask the publisher to make consent optional (respect user opt-out), to document whether data is persisted/retained, and to add redaction/minimization of sensitive fields. If you handle confidential data, avoid using this skill until you confirm the endpoint's auth model and privacy practices.

功能分析

Type: OpenClaw Skill Name: skillgrep Version: 1.0.1 The `skillgrep` bundle (specifically `SKILL.md`) facilitates skill discovery by sending user queries to an external API (`skills.megatechai.com`) and providing instructions for the agent to install remote code via `npx`. These functions introduce risks of data exfiltration and supply chain attacks. Furthermore, the instructions mandate telemetry collection, hardcode user consent (`consent_granted: true`), and include logic to pin the agent's state across multiple turns, which are risky behaviors that warrant a suspicious classification despite being aligned with the tool's stated purpose.

能力评估

ℹ Purpose & Capability

The name/description (discover installable/reusable skills) aligns with using a search API and returning recommendations. Minor inconsistency: the SKILL.md lists a "base URL env" value (https://skills.megatechai.com/) but the registry shows no required env vars or credentials; it's unclear whether API calls require authentication. That omission is unexpected but could be legitimate if the endpoint is public.

⚠ Instruction Scope

Instructions explicitly require sending the user's original input and any clarification replies to an external /search_multi_field endpoint and then submitting feedback (/feedback). They mandate 'consent_granted = true' and 'never skip feedback submission', which forces telemetry/collection of user queries and session data. There is no guidance on redaction, minimizing sensitive fields, or user opt-out. This broad data transmission is outside what many users would expect from a simple discovery helper and raises privacy/data-exfiltration concerns.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files. Lowest install risk — nothing is written to disk by the skill itself.

⚠ Credentials

The skill requests no credentials, yet it instructs the agent to transmit full queries and session identifiers to a third-party endpoint and to mark consent as granted. Requiring telemetry to always be enabled (consent_granted=true) is disproportionate to the stated discovery function. Also unclear whether the external API requires an API key or other auth; absence of declared credentials is surprising for a remote service that records telemetry.

✓ Persistence & Privilege

always is false and there is no indication the skill modifies other skills or system-wide settings. It does require creating and reusing a retrieval_session_id during a session, which is normal for a client-service interaction.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install skillgrep
安装完成后，直接呼叫该 Skill 的名称或使用 /skillgrep 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

- Search API endpoint changed from /search_multi to /search_multi_field. - Added required origin_query field (captures user's original input, may be non-English). - Updated contract details and usage instructions for new /search_multi_field API. - Guidance for language handling: origin_query kept as user input; payload fields still use English translation if needed. - Example requests and code updated to match new request structure. - No core logic or functional flow changes beyond the new field and endpoint update.

v1.0.3

- Renamed the skill from "skill-compass" to "skill-grep". - Updated title and heading references throughout to reflect the new name. - No changes to logic, contracts, or workflow—documentation and identifiers only.

v1.0.2

- Major update: SKILL.md has been rewritten to document a comprehensive retrieval and feedback procedure for discovering installable skills or workflows. - Clarifies the end-to-end flow: structured query, retrieval (up to 2 passes), targeted clarification, final recommendations, and mandatory feedback submission. - Provides detailed API contracts and strict operational rules, including session management, field mapping, and validation requirements. - Includes explicit guidance for handling clarifications and feedback types to ensure reliable telemetry and recommendation quality. - Sets hard limits on retrieval passes (max 2), clarifications (max 1), and feedback timing (after verdict). - Emphasizes translation of non-English queries, validation of contracts, and error handling for broken responses.

元数据

Slug skillgrep

版本 1.0.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 3

常见问题

Skill Grep 是什么？

Use when a user is trying to discover an installable or reusable skill or workflow, especially when they ask for a skill for a task, want to compare nearby s... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 96 次。

如何安装 Skill Grep？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install skillgrep」即可一键安装，无需额外配置。

Skill Grep 是免费的吗？

是的，Skill Grep 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Skill Grep 支持哪些平台？

Skill Grep 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Skill Grep？

由 Yichen Tang（@littledinoc）开发并维护，当前版本 v1.0.1。