Symptom description: check whether a skill passes validation

v1.0.0

Audit another Codex skill for structural compliance, trigger quality, instruction clarity, reuse of scripts or references, and overall maintainability. Use w...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (skill-quality-auditor) match the included functionality: a deterministic local audit script plus rubric and guidance. The skill does not request unrelated binaries, credentials, or config paths.
Instruction Scope
SKILL.md explicitly tells the agent to run the bundled script (scripts/evaluate_skill.py) against a target skill folder and to inspect files referenced by the script; the script only reads files inside the target skill folder (SKILL.md, scripts/, references/, agents/openai.yaml) and does not attempt network calls or read unrelated system files.
Install Mechanism
No install spec is present (instruction-only plus a bundled, dependency-free Python script). Nothing is downloaded or extracted from external URLs; the script is included and runs locally.
Credentials
The skill declares no required environment variables, credentials, or special config paths, and the script does not read environment secrets or contact external endpoints.
Persistence & Privilege
always:false and no requested system modifications. The skill can be invoked autonomously (disable-model-invocation:false) which is the platform default; this is not a concern by itself but means an agent could run the auditor on any supplied folder if given access.
Assessment
This skill appears to do what it says: run the included scripts/evaluate_skill.py to audit a target skill folder using the bundled rubric. The bundled script is dependency-free and works by reading files inside the target skill directory only. Minor thing to note: the frontmatter name in SKILL.md is 'skill-quality-auditor' while the registry slug is 'skill-quality-auditor-new' — the auditor script flags name/folder-name mismatches, so either rename the folder or align the frontmatter to avoid a structural penalty. Before allowing an agent to run this auditor autonomously on untrusted skill folders, remember it will read any files inside the target folder (SKILL.md, scripts/, references/, agents/...), so only point it at content you trust or sandbox the input. Otherwise, there are no extra credentials, network downloads, or hidden behaviors to be concerned about.

Like a lobster shell, security has layers — review code before you run it.

latestvk972hdd136qr58z8deszfndg8184qc0v
