Skill Analyzer

v0.2.0

Analyzes OpenClaw skills for functionality, security, usability, documentation, maintainability, and best practices to provide quality scores and improvement...

0 · 313 · 1 current · 1 all-time
by codeblackhole @codeblackhole1024
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the delivered artifacts: a Python-based skill quality analyzer. No unexpected env vars, binaries, or install steps are requested. Including scripts/analyzer.py is reasonable for this purpose.
Instruction Scope
SKILL.md instructs running the included Python analyzer and claims it's 'safe to run on any skill' and 'does not modify analyzed skills'. The code reads SKILL.md and script files under the target path (expected), but contains several problematic/naive behaviors: manual frontmatter parsing that can be brittle, simplistic heuristics for CLI detection and secret detection (likely false negatives/positives), and a truncated _assess_risk implementation (unfinished 'ret' token) that will cause runtime errors or incorrect risk reporting. These mean the tool can crash or produce misleading scores.
Install Mechanism
No install specification (instruction-only with bundled script). That is low-risk from an installation standpoint — nothing is automatically downloaded or written to disk by an installer.
Credentials
No environment variables, credentials, or config paths are requested. The analyzer only reads files under the supplied skill path; it does not declare access to unrelated secrets or services.
Persistence & Privilege
The skill is not forced-always, does not request system-wide persistence, and the code does not appear to modify global agent configuration. It reads files but does not declare any persistent privileges.
What to consider before installing
This skill is internally coherent (a Python tool that analyzes skills) but exercise caution before running it on important data. Key points:

  • The analyzer is pure-Python and requests no secrets or installs, which reduces risk of exfiltration, but you should still inspect scripts/analyzer.py before executing.
  • The analyzer contains logic bugs: scoring math is inconsistent with the documented 0-10 scale (the code scales to 0-100), and the risk-assessment function is truncated (an unfinished 'ret' token) which will likely crash or misreport risk. Expect unreliable/misleading results until those are fixed.
  • The security checks are heuristic: secret detection and eval/exec detection are simplistic and can miss issues or generate false positives. Do not rely solely on its output for security-critical decisions.
  • Recommended actions: (1) manually review scripts/analyzer.py for the truncated function and other logic issues, (2) run it first in an isolated/sandbox environment and against non-sensitive test skills, (3) if you plan to use its reports for decisions, validate a few results manually and consider improving its heuristics before trusting its risk scores.

If you want, I can list the specific buggy code locations and suggest precise fixes to make the analyzer safer and more accurate.


analysis, latest, quality, review, security: vk979dks5cvb85xmgqmee2wg9gx82ftdd
313 downloads
0 stars
3 versions
Updated 1mo ago
v0.2.0
MIT-0

Skill Analyzer - Comprehensive Skill Analysis Tool

Overview

Skill Analyzer evaluates OpenClaw skills across 5 dimensions to provide a comprehensive quality assessment. It helps identify strengths, weaknesses, and improvement opportunities. Built with pure Python - no external dependencies required.

Analysis Dimensions (5 total)

1. Functionality Analysis (25%)

  • Core features implementation completeness
  • Edge cases handling
  • Error handling and robustness
  • Command-line interface quality

2. Security Analysis (25%)

  • Input validation
  • Credential handling
  • No hardcoded secrets
  • Safe execution patterns

3. Usability Analysis (20%)

  • User experience quality
  • Documentation clarity
  • Installation complexity
  • Example availability

4. Documentation Quality (15%)

  • SKILL.md completeness
  • Frontmatter (name, description)
  • Usage examples
  • Tag coverage

5. Best Practices (15%)

  • Code structure and organization
  • Error handling patterns
  • Configuration management

Usage

Requirements

  • Python 3.7+ (no external dependencies - uses only stdlib)

Analyze a Skill

# Analyze a local skill
python3 scripts/analyzer.py --path /path/to/skill

# Analyze with detailed output
python3 scripts/analyzer.py --path /path/to/skill --verbose

# Output to JSON
python3 scripts/analyzer.py --path /path/to/skill --output report.json

# Compare two skills
python3 scripts/analyzer.py --compare skill1 skill2

Dimensions Scoring

Each dimension is scored 0-10:

  • 8-10: Excellent
  • 6-7: Good
  • 4-5: Average
  • 2-3: Below Average
  • 0-1: Poor/Needs Improvement

Example Output

==========================================
Skill Analysis Report: example-skill
==========================================

Overall Score: 7.5/10

Dimension Scores:
  Functionality:    8/10 ████████░░
  Security:         9/10 █████████░
  Usability:        7/10 ███████░░░
  Documentation:    6/10 ██████░░░░
  Best Practices:   7/10 ███████░░░

Strengths:
  ✓ Good security practices
  ✓ Clean code structure
  ✓ Proper error handling

Risk Level: LOW

Notes

  • Run from any directory containing skills
  • Pure Python - no pip install needed
  • Safe to run on any skill
  • Does not modify analyzed skills
