← 返回 Skills 市场
icarus-chen

skillnet

作者 Icarus_Chen · GitHub ↗ · v2.0.3 · MIT-0
cross-platform ⚠ suspicious
1148
总下载
10
收藏
3
当前安装
11
版本数
在 OpenClaw 中安装
/install skillnet
功能描述
Search, download, create, evaluate, and analyze reusable agent skills via SkillNet — the open skill supply chain for AI agents. Use when: (1) Before any mult...
安全使用建议
This skill appears to implement what it says, but proceed cautiously: - Verify the 'skillnet-ai' package before installing: check its PyPI page and source repository to confirm the maintainer and review the code. Installing arbitrary PyPI packages can execute code on your machine. - Confirm the API host(s) you'll interact with: the documentation lists api-skillnet.openkg.cn as the public search API and lets you set BASE_URL for your LLM endpoint. If you will send skill or document content to an LLM, prefer a local BASE_URL (e.g., a local vLLM) for sensitive data. - Do not provide long‑lived or highly privileged credentials without understanding scope. API_KEY is required for create/evaluate/analyze; the SKILL.md instructs one‑shot injection but double‑check you’re not exporting keys to persistent files. - Be cautious about using any 'mirror' option for GitHub downloads — a mirror could route content through an untrusted server. Prefer direct GitHub API downloads and review files locally before loading them into the agent context. - There is a small metadata inconsistency: the registry lists no required env vars while the skill requires API_KEY; confirm this before running commands that prompt for keys. - Inspect the included scripts (scripts/skillnet_create.py and skillnet_validate.py) — they appear benign and offline, but the actual network behavior depends on the 'skillnet-ai' package which the scripts import. Only run commands after you’ve reviewed the package and confirmed you trust the endpoints. If you are comfortable verifying the package origin and using one‑time API key injection (or a local LLM), the skill is reasonable. If you cannot verify the upstream package or you must handle sensitive documents, decline to install or use a local BASE_URL and review all generated files before executing anything.
功能分析
Type: OpenClaw Skill Name: skillnet Version: 2.0.3 The skillnet bundle provides a comprehensive framework for managing AI agent skills, including searching, downloading, and creating new skills. The bundle demonstrates a strong security posture by including explicit guardrails in SKILL.md and security-privacy.md that instruct the agent to treat all downloaded content as untrusted, require user confirmation for sensitive actions, and avoid executing third-party scripts automatically. The provided Python scripts (skillnet_create.py and skillnet_validate.py) are transparent wrappers for the skillnet-ai library and do not contain any evidence of malicious intent, data exfiltration, or unauthorized credential usage. All network communication is directed to legitimate services such as GitHub or the user's specified LLM endpoint.
能力评估
Purpose & Capability
Name, description, CLI patterns, and included scripts align: the skill is for searching/downloading/creating/evaluating skills and the code and docs implement that. Requiring an API_KEY as the primary credential is appropriate for create/evaluate/analyze operations. The included Python scripts and CLI install suggestions are proportional to the declared functionality.
Instruction Scope
SKILL.md instructs the agent to search (no key), download only GitHub repos, require explicit user confirmation before downloading/loading/executing, and to never auto-run downloaded scripts — these are good restrictions. It writes artifacts to ~/.openclaw/workspace/skills and instructs what to show users for review. No instructions attempt to read unrelated system secrets or auto-exfiltrate data. Note: SKILL.md references openclaw.json and other local config locations as possible configured credentials (documented transparency), so you should verify what local config it may read in your environment.
Install Mechanism
The registry shows 'no install spec' but the SKILL.md frontmatter contains install commands recommending 'pipx install skillnet-ai' or 'pip install skillnet-ai'. Installing a third‑party package from PyPI is a typical but higher‑risk install path because the package source and contents must be verified. Additionally, the client supports an optional 'mirror' (e.g. ghfast.top) for downloads — using a non-official mirror could redirect downloads through an untrusted host. No direct binary downloads or extract-from-URL patterns are present in the skill files, which reduces risk, but you should verify the 'skillnet-ai' package origin on PyPI/GitHub before running installs.
Credentials
The primary credential declared is API_KEY and the docs consistently require API_KEY for create/evaluate/analyze; that is proportional. However, registry metadata lists 'Required env vars: none' while frontmatter and code clearly expect an API_KEY (primaryEnv). This metadata mismatch is confusing and should be resolved before installing. Optional env vars (BASE_URL, GITHUB_TOKEN, SKILLNET_MODEL, GITHUB_MIRROR) are reasonable for the described features but are privileges you should consider carefully (particularly BASE_URL and GITHUB_TOKEN for private repo access).
Persistence & Privilege
The skill does not request 'always: true' and does not claim persistent background processes. It writes created/downloaded skills to a local workspace path (~/.openclaw/workspace/skills), which is expected. It does not attempt to modify other skills or system-wide settings in the included files.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install skillnet
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /skillnet 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.3
Skillnet 2.0.3 — No functional changes - No file changes detected in this version. - Documentation, functionality, and installation remain identical to the previous release.
v2.0.2
No user-facing changes in this release; documentation and interface remain the same.
v2.0.1
No visible file changes detected; this is a metadata/bump release. - Version bumped to 2.0.1. - No changes to core SKILL.md content or implementation files. - All processes, descriptions, and installation steps remain unchanged.
v2.0.0
Skillnet 2.0.0 — Major Structural and Security Updates - Reorganized scripts: added skillnet_create.py and skillnet_validate.py, removed older script and setup files for improved maintainability. - Introduced references/security-privacy.md to document security and privacy practices. - Clarified usage: updated guidance on when to search, create, and apply skills, and emphasized security for downloaded scripts. - Refined metadata and streamlined task triggers in SKILL.md for easier integration and clearer logic. - Enforced GitHub-only download restriction and outlined strict user consent before executing any downloaded code.
v1.0.6
Hardened inherent capability risks flagged by OpenClaw safety review: added download source restrictions, precise data flow transparency, sensitive data warnings, third-party skill isolation policies, and prompt injection defenses — while preserving all original functionality.
v1.0.5
Added explicit user confirmation gates for all security-sensitive operations (download, load, create, evaluate, analyze, script execution) and a centralized User Confirmation Policy, replacing previous auto-execute directives that triggered a "Suspicious" rating in OpenClaw safety review. Credential handling changed from "silent if configured" to a transparent model that always informs the user which credentials and endpoints are in use.
v1.0.4
Version 1.0.4
v1.0.3
- Updated all default local skill library paths from `~/.openclaw/workspace/skills` to `~/.openclaw/skills` in documentation and examples. - Adjusted deduplication and outdated skill removal instructions. - Minor corrections and clarification to step descriptions and code examples in SKILL.md and reference files. - No breaking changes to functionality or requirements.
v1.0.2
Improved security compliance and credential handling.
v1.0.1
Install & security hardening: removed curl|sh/remote scripts, --break-system-packages, PEP 668 workarounds, and uv auto‑installs; install is now pipx→pip only (user‑level); docs add direct skill‑subdir URLs and Data & Privacy whitelists.
v1.0.0
Initial release: search/download/create/evaluate/analyze skill pipeline
元数据
Slug skillnet
版本 2.0.3
许可证 MIT-0
累计安装 4
当前安装数 3
历史版本数 11
常见问题

skillnet 是什么?

Search, download, create, evaluate, and analyze reusable agent skills via SkillNet — the open skill supply chain for AI agents. Use when: (1) Before any mult... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1148 次。

如何安装 skillnet?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install skillnet」即可一键安装,无需额外配置。

skillnet 是免费的吗?

是的,skillnet 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

skillnet 支持哪些平台?

skillnet 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 skillnet?

由 Icarus_Chen(@icarus-chen)开发并维护,当前版本 v2.0.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论