Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Distill

v1.0.1

Use when several skills with overlapping functionality need to be merged into a single distilled skill. Not for extracting rules from skills (rules extraction is a separate capability from ECC's rules-distill skill, not part of this repo) or...

0· 67·1 current·1 all-time
by_silhouette@lanyasheng
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description and the instructions line up: distillation needs to read source SKILL.md and references/, analyze overlap/conflicts, then produce a distilled SKILL.md + references and validate via improvement tooling. Running validators (improvement-learner/orchestrator/evaluator) is consistent with the stated Phase 4 validation step.
! Instruction Scope
SKILL.md explicitly directs the agent to read every source skill's SKILL.md and references (expected), to write new skill directories, and to run validation scripts located under ~/.claude/skills/... (python3 ~/.claude/skills/improvement-learner/scripts/self_improve.py, etc.). The manifest metadata declared no required config paths, yet the instructions require access to the user's home config (~/.claude) and to execute local scripts. Executing those local scripts can run arbitrary code beyond the skill's prose, which increases risk and is not declared.
Install Mechanism
Instruction-only skill with no install spec or downloaded artifacts. This is the lowest install risk — nothing is written by an installer at install time. The remaining risk comes from instructions that run local scripts at runtime.
! Credentials
Declared requirements list no env vars or config paths, but the instructions assume read/write access to ~/.claude and .improvement-memory, and the ability to execute Python scripts in ~/.claude/skills. That is a mismatch: the skill implicitly requires file-system and execution privileges that were not declared. Those scripts may access other files/credentials on disk, so the effective privileges are broader than the metadata indicates.
Persistence & Privilege
always:false and agent invocation is normal. The skill's workflow includes creating a new skill directory and giving options to replace/delete/retain source skills — operations that modify other skill files. The doc states user confirmation is required before generating/replacing; ensure the agent actually prompts and you review the exact changes. The skill itself does not ask to be always-enabled.
What to consider before installing
This skill mostly does what it says (merging skills), but its runtime steps tell the agent to execute local Python validation scripts and to read/write under ~/.claude even though the package metadata declares no config paths or credentials. Before installing or using it: (1) verify the referenced improvement-* scripts exist in ~/.claude and inspect them so you trust what they execute; (2) back up any source skill directories you might allow the tool to modify or delete; (3) insist on explicit, interactive confirmation for any delete/replace actions and review a dry-run diff of proposed changes; (4) if you prefer safer testing, run the distillation process in a sandbox or on copies of skills rather than on your primary skills directory. If you cannot inspect the local scripts or prefer not to grant execution rights, treat this skill as higher-risk and avoid running its Phase 4 automated validation steps.

Like a lobster shell, security has layers — review code before you run it.

latestvk9764z7ckwezjaxfj27y5xaxps84dr1z
