Smart Refinement System
v1.0.0Automatically refines unclear prompts, matches relevant skills via vector similarity, integrates context, and suggests execution steps for efficient AI task...
⭐ 0· 61·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description (prompt refinement, vector matching, context integration) match the packaged code and SKILL.md. The included skills database and APIs (process_message, refine_prompt, match_skills) are coherent with the stated purpose. Minor note: package metadata references a homepage/repo but the skill registry lists 'Source: unknown' / 'Homepage: none' — origin is not verified, but this is an administrative/attribution issue rather than a functional mismatch.
Instruction Scope
SKILL.md and the code stay within the described scope: detecting vague prompts, producing refined prompts, computing TF-IDF/cosine-like matches, integrating context, and producing suggested actions/guides. The docs and code also recommend mapping matched skills to tools (e.g., 'exec', 'read', 'write', 'autoglm-websearch') — the skill only suggests those tools; it does not itself request credentials or automatically run external commands. When integrated into an agent that has tool plugins, those suggested tools could cause the agent to run commands or access files; consider controlling which tools the agent is permitted to use.
Install Mechanism
No install spec that downloads or executes external archives; files are provided in the package. SKILL.md shows optional npx clawhub install and manual copy instructions. No URLs or remote installers in the package that would write arbitrary code at install time.
Credentials
The skill declares no required environment variables, no config paths, and the code does not read secrets or environment variables. It reads/writes local config/log files (config save and log path in config_example.json), which is reasonable for a local utility.
Persistence & Privilege
always is false and disable-model-invocation is false (normal). The skill does not request elevated or persistent platform privileges. It writes its own config/log files in the working directory if used, which is expected behavior.
Assessment
This package appears coherent with its stated purpose. Before installing: 1) Verify the source repository or author (package.json claims a repo/homepage but the registry entry shows unknown source). 2) Review the remaining code (functions not shown in the truncated listing) to confirm there are no unexpected network calls or hidden endpoints. 3) When integrating into an agent, restrict which executor tools the agent can actually invoke (e.g., block or sandbox 'exec', restrict file access) because the skill suggests actions that may lead the agent to pick tools like exec/read/write/browser. 4) Run in a sandbox or test environment first, and inspect/create a safe config (log paths, custom_skills_path) to avoid writing sensitive data to disk. If you want lower risk, install but disable any tooling integrations that provide OS or network access.Like a lobster shell, security has layers — review code before you run it.
ai-assistantvk9736rdenxnar5d6vp80sh28r983wzw4context-integrationvk9736rdenxnar5d6vp80sh28r983wzw4latestvk9736rdenxnar5d6vp80sh28r983wzw4openclawvk9736rdenxnar5d6vp80sh28r983wzw4prompt-optimizationvk9736rdenxnar5d6vp80sh28r983wzw4skill-managementvk9736rdenxnar5d6vp80sh28r983wzw4vector-matchingvk9736rdenxnar5d6vp80sh28r983wzw4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.