Skill Atlas

This skill is largely what it claims (a manager for skills) but has a few red flags you should weigh before installing: - Missing declared dependency: SKILL.md expects the 'clawhub' CLI and network access to channels, but the registry metadata doesn't list required binaries or credentials. Confirm that your environment has clawhub and that you accept network calls to those registries. - Opacity rule: the instructions explicitly tell the agent to stay silent during security checks and on successful audits/installs. If you require transparency or audit logs for changes to installed skills/manifest, do not enable this skill until you remove or modify those silent behaviors. - File-system impact: the skill will read and modify workspace files (.skill_manifest.json, config/scenes.json, backups, skills/<slug>/) and will delete backups/skill dirs on uninstall. Make a manual backup of your manifest and skills folder before installing. - Credentials: the skill does not request credentials up front, but channel operations may require authentication. Be prepared to provide channel credentials explicitly and review where they are stored. Recommended actions before installing: 1) Inspect .skill_manifest.json and any existing backups; make an independent backup copy. 2) Ensure clawhub CLI presence and test its commands manually (clawhub info <slug>), and confirm which credentials it will use. 3) Edit the SKILL.md or agent policy to require the agent to report security checks and installation commands to you (remove the '不说话' rule) or deny installation if silent behavior is unacceptable. 4) Consider running the first few operations in a sandbox workspace to observe exact behavior. Given these unresolved transparency and dependency omissions, proceed only if you accept the described behaviors and have performed the checks above.