ClawHub

skill-manager

v1.0.1

管理 OpenClaw Skills:以表格形式列出所有 skills、显示功能介绍、找出功能重复的 skills。Use when: 用户想知道安装了哪些 skills、某个 skill 是做什么的、或者想找出重复功能的 skills。

0· 811·6 current·6 all-time
by@damiencronw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description match what the included script does (reads ~/.openclaw/workspace/skills and extracts SKILL.md descriptions). Minor inconsistency: the script invokes the 'clawhub' CLI but the registry metadata did not declare any required binary.
Instruction Scope
SKILL.md instructs running scripts/list_skills.py, which only reads SKILL.md files under ~/.openclaw/workspace/skills and prints their descriptions. It also runs 'clawhub list' via subprocess to show ClawHub-installed skills; this is within scope for listing skills but grants the called binary full control of whatever it does.
Install Mechanism
No install spec or external downloads; the skill is instruction+script only and does not write or fetch code during install.
Credentials
No environment variables, credentials, or unusual config paths are requested. The script reads files from the user's ~/.openclaw workspace, which is appropriate for the stated purpose.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence or modify other skills' configs; it runs only when invoked.
Assessment
This skill appears to do what it says: list installed skills by reading ~/.openclaw/workspace/skills and calling the local 'clawhub list' command. Before installing/running: (1) inspect scripts/list_skills.py (already included) — it is short and readable; (2) be aware that it will execute the 'clawhub' CLI if present, so only run it if you trust that binary (the registry metadata did not declare 'clawhub' as a required binary); (3) no secrets are requested or transmitted by the script, but if you are cautious, run it in a restricted environment or review/replace the 'clawhub' invocation to avoid running unknown code.

Like a lobster shell, security has layers — review code before you run it.

latestvk974nwh37dpp4c2syhgdf7mn3582hjek

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📦 Clawdis

Comments