Skill 激活器
v1.0.0Skill 激活器——帮助用户发现自动化需求、匹配已有 Skill、融合生成新 Skill。 解决"装了 OpenClaw 不知道用来做什么"的核心问题。 Use when: (1) User says "帮我看看能自动化什么", "我能用 OpenClaw 做什么", "帮我体检", "激活", "scan m...
⭐ 1· 75·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (discover → match → fuse) align with the included files: SKILL.md, role templates, fusion guide, and a scanner script that enumerates installed skills and workspace identity. The files and actions requested are coherent with an 'activator' skill.
Instruction Scope
Runtime instructions explicitly run scripts/scan_environment.sh and read SKILL.md and reference files to discover skills and user role. This is within the stated purpose, but the scan prints portions of local identity files (SOUL.md/USER.md/IDENTITY.md) and reads config under $HOME (e.g., ~/.openclaw), which can expose personal or token-bearing content if those files contain secrets. The skill also instructs generating fused SKILL.md and glue scripts, which means it may write files into the workspace.
Install Mechanism
No install spec is present (instruction-only) and the only code is a small included shell scanner. Nothing is downloaded or executed from external URLs by default. This is a low-risk install posture.
Credentials
The skill does not request environment variables or external credentials, which matches its purpose. However, it reads local configuration and identity files (HOME dirs, workspace files, config YAML/JSON) — behavior that is proportionate to an environment scan but potentially sensitive if those files contain secrets or tokens.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It may create fused skill files in the workspace when asked (normal for a generator), but it does not modify other skills' configurations or claim system-wide persistence.
Assessment
This skill appears to do what it claims: it scans your OpenClaw workspace and installed skills, recommends automations, and can generate fused SKILL.md/glue scripts. Before running it, consider: 1) Review the identity files (SOUL.md/USER.md/IDENTITY.md) and any config under ~/.openclaw for secrets — the scanner prints portions of these files; remove or redact sensitive tokens if present. 2) When the skill suggests "one-click" installs (clawhub install) or packaging (package_skill.py), review the generated SKILL.md and any glue scripts before executing installation or publishing. 3) Be aware generated scripts will be written into your workspace; keep backups or run in a disposable workspace if unsure. If you want more assurance, open the produced activation report and fused SKILL.md and inspect them before running any install commands.Like a lobster shell, security has layers — review code before you run it.
latestvk978g0vmts7k3bx89pjdmnnnwn83zqm2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.