Skill Quality Auditor

v1.0.0

Evaluate and score AgentSkills on design, content, security, and usability, producing a detailed numeric scorecard with improvement suggestions.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the actual behavior: it is an on-disk reviewer that reads SKILL.md, references/, scripts/, and other files to produce a scorecard. No unrelated environment variables, binaries, or installs are requested.
Instruction Scope
Instructions require reading all files under the provided skill path and running grep-like checks against those files (explicitly: find, read SKILL.md, scan scripts/, references/ and assets/). This is appropriate for an auditor, but the skill will read any path you point it at — avoid passing system/root paths or other sensitive directories. The references include prompt-injection detection guidance (good), so the agent is expected to inspect SKILL.md for hidden directives.
Install Mechanism
Instruction-only skill with no install spec and no code files to write or execute. Lowest-risk install profile.
Credentials
No required environment variables, credentials, or config paths are declared or referenced. The audit checks look for credential usage inside the target skill but do not themselves require secret access.
Persistence & Privilege
Does not request always:true or system-wide configuration changes. Autonomous invocation is allowed (platform default) but not excessive for this type of tool.
Assessment
This skill appears internally consistent for auditing other skills. Before using it: (1) only point the reviewer at the skill directory you intend to audit (do not pass system or home directories), (2) run it on a copy/sandbox of the target skill if you're concerned about malicious payloads, (3) pay special attention to any grep/CRITICAL hits it reports (they warrant manual review), and (4) remember SKILL.md and reference files themselves can contain prompt-injection patterns — treat flagged findings as candidates for manual inspection rather than automatic trust.


SKILL.md

Skill Reviewer

Four-dimension quality auditor for AgentSkills.

Review Process

Step 1: Inventory & Classify

  1. find /path/to/skill -type f — list all files. If path doesn't exist or is empty, abort with error.
  2. Read _meta.json or .clawhub/origin.json if present (source, version, author info).
  3. Read SKILL.md in full.
  4. Classify skill type per references/weight-adjustment.md → determine weights.

Step 2: Scan

  1. SKILL.md (full read)
  2. scripts/ (full read, do NOT execute)
  3. references/ (full read if ≤10 files or ≤50KB total; spot-check otherwise)
  4. assets/ (list filenames, flag non-asset file types: .sh/.py/.exe/.bat/.ps1 in assets/ = suspicious)
  5. Other files (.json, dotfiles, symlinks) — inspect each

Step 3: Score Each Dimension

Load reference files: references/design-quality.md, references/content-quality.md, references/security.md, references/usability.md.

For each dimension, walk the checklist and score per the rubric. Cite [file:line] for each finding.

Security shortcut: Run grep sweeps for CRITICAL patterns first (see security.md C1-C11). If any CRITICAL found → D3=1, note it, but still score remaining dimensions — don't skip them.

Orphan file check (security.md): After reading SKILL.md, cross-reference all mentioned files against the actual file list. Flag orphans.

Step 4: Calculate & Verdict

Weighted total = Σ(dim_score × adjusted_weight)

| Verdict | Condition |
|---|---|
| ✅ PASS | Total ≥ 8 AND every dimension ≥ 6 AND no CRITICAL findings |
| 🔧 REVISE | Total < 8 OR any dimension < 6 OR any CRITICAL finding |

CRITICAL auto-revise: Even if total ≥ 8, any security CRITICAL finding forces REVISE.
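
A static sketch of the Step 1 abort, the Step 2 assets/ flag, the orphan file check and the Step 4 verdict, added here as an example and not taken from the skill's own files. It assumes an "orphan" is a file under references/, scripts/ or assets/ that SKILL.md never mentions, and it uses equal weights because the real matrix lives in references/weight-adjustment.md; `inventory`, `verdict` and `build_sample` are hypothetical names.

```python
import re, tempfile
from pathlib import Path

SUSPICIOUS_ASSET_EXT = {".sh", ".py", ".exe", ".bat", ".ps1"}  # list from Step 2
BUNDLE_DIRS = ("references", "scripts", "assets")
# Assumption: a "mentioned file" is any path under those directories named in SKILL.md.
PATH_RE = re.compile(r"\b(?:references|scripts|assets)/[\w./-]*\w")

def inventory(skill_dir):
    """Static checks only: files are listed and SKILL.md is read, nothing is executed."""
    root = Path(skill_dir)
    if not root.is_dir() or not any(root.iterdir()):
        raise FileNotFoundError(f"skill path missing or empty: {skill_dir}")  # Step 1
    entries = [p for p in root.rglob("*") if p.is_symlink() or p.is_file()]
    files = {p.relative_to(root).as_posix() for p in entries}
    skill_md = root / "SKILL.md"
    text = skill_md.read_text(encoding="utf-8", errors="replace") if skill_md.is_file() else ""
    mentioned = set(PATH_RE.findall(text))
    bundled = {f for f in files if f.split("/")[0] in BUNDLE_DIRS}
    return {
        "suspicious_assets": sorted(f for f in bundled if f.startswith("assets/")
                                    and Path(f).suffix.lower() in SUSPICIOUS_ASSET_EXT),
        "orphans": sorted(bundled - mentioned),  # on disk, never mentioned (assumed meaning)
        "missing": sorted(mentioned - files),    # mentioned, not on disk
        "symlinks": sorted(p.relative_to(root).as_posix() for p in entries if p.is_symlink()),
    }

def verdict(scores, weights, critical):
    """Step 4: weighted total, then PASS/REVISE with the CRITICAL override."""
    if critical:
        scores = {**scores, "D3": 1}  # security shortcut: any CRITICAL sets D3=1
    total = sum(scores[d] * weights[d] for d in scores)
    ok = total >= 8 and min(scores.values()) >= 6 and not critical
    return round(total, 2), ("PASS" if ok else "REVISE")

def build_sample(root):
    """Constructed sample skill: one orphan, one missing reference, one script in assets/."""
    layout = {"SKILL.md": "Load references/security.md, run scripts/check.sh, "
                          "show assets/logo.png, see references/gone.md.",
              "references/security.md": "", "references/extra.md": "",
              "scripts/check.sh": "", "assets/logo.png": "", "assets/run.sh": ""}
    for rel, body in layout.items():
        (Path(root) / rel).parent.mkdir(parents=True, exist_ok=True)
        (Path(root) / rel).write_text(body)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(inventory(build_sample(tmp)))
    w = dict.fromkeys(("D1", "D2", "D3", "D4"), 0.25)  # assumed equal weights
    print(verdict({"D1": 9, "D2": 9, "D3": 9, "D4": 9}, w, critical=True))
```

Every hit is a candidate for manual review with a [file:line] citation; the sketch only reports relative paths.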

Report Format

Use list format (not tables — compatible with all platforms):

PASS:

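[Skill Review Passed]
Skill: {name}
Path: {path}
Type: {type}
Overall score: {score}/10
Review date: {date}

• Design quality ({w1}%): {d1}/10 — {brief note}
• Content quality ({w2}%): {d2}/10 — {brief note}
• Security ({w3}%): {d3}/10 — {brief note}
• Usability ({w4}%): {d4}/10 — {brief note}

Highlights:
- {highlight 1}
- {highlight 2}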

REVISE:

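[Skill Review Returned for Revision]
Skill: {name}
Path: {path}
Type: {type}
Overall score: {score}/10
Review date: {date}

⚠️ Dimension scores:
• Design quality ({w1}%): {d1}/10
• Content quality ({w2}%): {d2}/10
• Security ({w3}%): {d3}/10
• Usability ({w4}%): {d4}/10

Specific issues:
- [D1] {issue} — {file}:{line}
- [D3] 🔴 CRITICAL: {issue} — {file}:{line}

Improvement directions:
- {direction 1}
- {direction 2}

Pass criteria:
- {criterion 1}
- {criterion 2}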

References

  • references/weight-adjustment.md — type classification + weight matrix
  • references/design-quality.md — D1 checklist + rubric + scoring rules
  • references/content-quality.md — D2 checklist + rubric + scoring rules
  • references/security.md — D3 pattern table + detection commands
  • references/usability.md — D4 checklist + rubric + scoring rules

Files

6 total