Skill Priority Setup
v1.0.0
Scans installed skills, suggests L0-L3 priority tiers, and auto-configures skill injection policy. Use when: setting up skill priorities, optimizing token bu...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's declared purpose (scan skills, suggest tiers, apply injection policy) aligns with the included scripts: setup.py scans ~/.openclaw paths, suggests tiers, generates a policy file, and updates AGENTS.md / SOUL.md. Requiring the ability to modify those files is coherent with the purpose, but modifying agent evolution (SOUL.md) is higher privilege than a typical configuration helper and should be justified/inspected.
Instruction Scope
SKILL.md tells the user to run the setup script which will read many SKILL.md files and then write to global config locations (openclaw.json, ~/.openclaw/workspace/AGENTS.md, ~/.openclaw/workspace/SOUL.md and message injector config). Those file modifications are within the stated goal, but they cross user-agent boundaries (modifying agent behavior files). The interactive review exists, but the script also supports --auto and will apply changes; ensure you run --dry-run and inspect outputs first.
Install Mechanism
This is instruction-only with no install spec (no remote downloads). That lowers risk. However, included helper scripts generate DOCX files and one script writes a hard-coded absolute path (/Users/macmini/...) which is odd and may cause writes to unexpected locations or failures — this should be corrected.
Credentials
The package requests no environment variables or external credentials. All file access is local under the user's home (~/.openclaw). No network endpoints or API keys are requested.
Persistence & Privilege
The script creates/overwrites global agent files (AGENTS.md, SOUL.md, openclaw.json, message injector config). While that matches its stated purpose (configuring injection policy), these are high-impact changes because they can alter agent behavior (including 'agent-evolution' behaviors). The skill does not set always: true, but it can run in --auto mode. Treat it as high-privilege and review changes before applying.
Scan Findings in Context
[HARD_CODED_ABSOLUTE_PATH] unexpected: generate_docx.py uses a hard-coded output path '/Users/macmini/.openclaw/workspace/skills/skill-priority-setup/README.docx' (and similarly for README_CN.docx). Hard-coded user paths are brittle and may attempt to write outside expected locations.
[MODIFIES_GLOBAL_AGENT_CONFIG] expected: The main setup script explicitly reads/writes openclaw.json, AGENTS.md, SOUL.md and message injector config. This is expected given the skill's goal, but it's high-impact and should be reviewed and run in dry-run mode first.
[SEARCHES_USER_SKILL_PATHS] expected: The script recursively scans multiple ~/.openclaw directories for SKILL.md files. That's expected, but be aware it enumerates installed skills and their names/paths.
What to consider before installing
This package appears to implement the behavior it advertises, but it will modify global agent configuration files that can change how your agents behave (including self-improvement/evolution rules). Before running:
1) Inspect the scripts (setup.py and generate_policy_content) to verify exactly what will be written to AGENTS.md and SOUL.md.
2) Always run with --dry-run and review the generated SKILL_PRIORITY_POLICY.md and listed diffs/backups.
3) Don't use --auto until you're confident in the suggestions.
4) Check and remove/adjust the hard-coded '/Users/macmini/...' paths in the DOCX generators or avoid running those scripts.
5) Keep the backups the script creates and test changes in a sandbox or non-production agent.
If you are not comfortable reviewing the files yourself, ask a trusted administrator to audit the proposed edits before applying.
Like a lobster shell, security has layers — review code before you run it.
