AI Skill Optimizer
v1.1.0AI公司 Skill 优化工作流(CTO 性能工程 + CISO 安全优化标准版)。当需要对现有 Skill 进行性能优化、Token 节省、上下文精简、安全加固、代码重构、质量提升时触发。触发关键词:优化技能、优化 Skill、节省 Token、精简 Skill、重构 Skill、提升 Skill 质量、安全加...
⭐ 0· 57·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (skill optimizer) matches the instructions: it inspects SKILL.md, references, and scripts to measure tokens, latency, and security (CVSS/STRIDE) and produce optimization suggestions. It does not request unrelated credentials or binaries. Declared interface includes read access to skills/ and write access for optimization results, which is appropriate for the stated purpose.
Instruction Scope
The SKILL.md stays on-topic (baseline measurement, token/performance/security/quality tasks). It references reading skill files, running isolated sessions, input validation, and constrained command execution patterns. Two operational notes: (1) authorization for security-harden is a simple string equality check in the pseudocode (authorization: "CISO-001") — this is a policy-level control and must be enforced by the platform, otherwise it can be spoofed; (2) the skill assumes the ability to read skill files and run isolated sessions (sessions_send/sessions_spawn) — ensure those platform primitives actually restrict access as described.
Install Mechanism
No install spec or code files to run; instruction-only skills are lowest-risk for installation. All included artifacts are documentation/reference snippets, not executables or downloads.
Credentials
The skill declares no required environment variables, credentials, or config paths. Reference files include examples that use environment variables (e.g., get API_KEY) but these are illustrative and do not translate into required secrets. This is proportionate for a tool that reviews other skills.
Persistence & Privilege
always:false and the skill does not request permanent platform presence or system-wide config changes. Autonomous invocation is allowed (platform default) but the skill design emphasizes isolated sessions and minimal returned data. Confirm platform enforces the isolation and authorization constraints.
Assessment
This skill appears coherent and instruction-only (no installers or secret requests). Before installing, verify three operational controls with your platform admin: 1) that 'isolated' sessions (sessions_send / sessions_spawn) are actually enforced by the runtime so the optimizer cannot access unrelated agent state or write outside its workspace; 2) how the CISO-001 authorization is validated — the SKILL.md uses a simple string check in examples, so ensure the platform ties that string to a real identity/role rather than trusting an unverified parameter; 3) confirm what the baseline/token counting method accesses (which file paths) and that results do not accidentally expose sensitive code/config; require audit logging for any optimization runs and a manual CISO review for security-harden tasks. If those platform-level guarantees exist, the skill is appropriate to use.Like a lobster shell, security has layers — review code before you run it.
automationvk976hcma64qn942k55xaxdwxf584qq33ctivk976hcma64qn942k55xaxdwxf584qq33latestvk976hcma64qn942k55xaxdwxf584qq33mlopsvk976hcma64qn942k55xaxdwxf584qq33
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
⚡ Clawdis
OSLinux · macOS · Windows