ClawHub

Skillfully - Agent Skill Analytics

v1.0.0

Use Skillfully APIs from an AI runtime to authenticate, create a tracked skill, and retrieve feedback.

0· 63·0 current·0 all-time
byEren@erensunerr

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for erensunerr/skillfully.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Skillfully - Agent Skill Analytics" (erensunerr/skillfully) from ClawHub.
Skill page: https://clawhub.ai/erensunerr/skillfully
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install skillfully

ClawHub CLI

Package manager switcher

npx clawhub@latest install skillfully
Security Scan
Capability signals
Requires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (onboard/manage Skillfully via API) matches the SKILL.md: it documents login, confirming a code, creating a tracked skill, and retrieving feedback. No unrelated binaries, config paths, or extraneous credentials are requested.
Instruction Scope
Instructions are narrowly scoped to calls against https://www.skillfully.sh and obtaining an access token via an email confirmation code. Two minor notes: (1) the workflow requires the agent or user to receive an email code (the SKILL.md says the email must be reachable by Skillfully's email webhook) but does not declare how an AI runtime should surface or fetch that email; (2) the doc tells the user to paste the returned 'snippet' into the agent skill's SKILL.md — doing so modifies agent skill content and will cause that snippet to run/post-feedback in future runs, so users should inspect the snippet before adding it.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That is low-risk and appropriate for a simple API onboarding guide.
Credentials
No environment variables or credentials are declared up front; authentication is performed via an email-based login/code-exchange which then yields a Bearer token. This is proportionate to the described task, but callers must ensure the runtime can receive the emailed code (or manually provide it). There are no requests for unrelated secrets or elevated system credentials.
Persistence & Privilege
The skill does not request always:true and has no install-time persistence. The only persistence-related action described is pasting a 'snippet' into the agent's SKILL.md (a user action). If an agent is allowed to autonomously edit its own skill files, that could persist behavior — users should control write permissions accordingly.
Assessment
This skill is an onboarding/how-to doc for the Skillfully API and appears internally consistent. Before installing or enabling it: 1) confirm you trust the domain https://www.skillfully.sh and the operator, since API calls and feedback URLs will interact with that service; 2) be prepared to receive an email code (use an address you control or an ephemeral inbox) — the skill relies on email-based sign-in and does not declare other credentials; 3) carefully inspect any 'snippet' the service returns before pasting it into your SKILL.md (it will send feedback to Skillfully and could change agent behavior); 4) if you allow agent-autonomous actions, restrict its permission to modify skill files or provide an explicit human-in-the-loop for pasting snippets. If any of these points are unacceptable or unclear, treat the skill as untrusted until you can verify the service and the snippet contents.

Like a lobster shell, security has layers — review code before you run it.

latestvk97553k0q1s8btxn86keg2fkas85efwt
63downloads
0stars
1versions
Updated 4d ago
v1.0.0
MIT-0
Eren@erensunerr
latest
Download

Skillfully API skill

Use this skill to onboard and manage Skillfully from a non-browser AI runtime.

Set this once:

BASE_URL="https://www.skillfully.sh"

1) Login via API code

Call POST /login to start login.

curl -X POST "$BASE_URL/login" \
  -H "content-type: application/json" \
  -d '{"email":"agent@example.com"}'

The response indicates a code was sent. email must be reachable by Skillfully's email delivery webhook.

2) Verify code and get bearer token

Call POST /login_confirm with the code from email.

curl -X POST "$BASE_URL/login_confirm" \
  -H "content-type: application/json" \
  -d '{"email":"agent@example.com","code":"123456"}'

Response shape:

{
  "token_type": "Bearer",
  "access_token": "<jwt-like-token>",
  "token_prefix": "a1b2c3d4",
  "user_id": "api_user_123",
  "token_expires_at": 1745000000000
}

Use access_token for every authenticated endpoint with:

Authorization: Bearer <access_token>

3) Create a tracked skill and receive the suggested snippet

Call POST /skills with name and optional description.

curl -X POST "$BASE_URL/skills" \
  -H "authorization: Bearer <access_token>" \
  -H "content-type: application/json" \
  -d '{"name":"Code Reviewer","description":"Collect feedback after each run"}'

Response shape:

{
  "id": "<record-id>",
  "skill_id": "sk_xxxxxx",
  "name": "Code Reviewer",
  "description": "Collect feedback after each run",
  "feedback_url": "https://www.skillfully.sh/feedback/sk_xxxxxx",
  "snippet": "# Skillfully feedback (required)\n...\nhttps://www.skillfully.sh/feedback/sk_xxxxxx",
  "created_at": 1745000000000
}

Paste snippet into the agent skill you maintain (typically SKILL.md).

4) Retrieve feedback for one skill

Call GET /feedback/<skill_id> with optional query filters:

  • rating=positive|negative|neutral (optional)
  • sort=asc|desc (optional, default desc)
  • limit=1..100 (optional, default 20)
  • cursor=<createdAt:id> (optional, required for stable pagination)
curl -X GET "$BASE_URL/feedback/sk_xxxxxx?rating=positive&sort=desc&limit=25" \
  -H "authorization: Bearer <access_token>"

Paginated responses include:

{
  "items": [],
  "sort": "desc",
  "limit": 25,
  "rating": "positive",
  "cursor": null,
  "hasMore": true,
  "nextCursor": "1739999999000:feedback-record-id"
}

Use nextCursor as the cursor query arg for the next call:

curl -X GET "$BASE_URL/feedback/sk_xxxxxx?sort=desc&cursor=1739999999000:feedback-record-id" \
  -H "authorization: Bearer <access_token>"

Comments

Loading comments...