Skill Polisher
v1.0.3当用户需要持续打磨和进化技能、追踪技能质量、收集反馈改进、检查技能规范合规性时使用。每次技能执行后自动收集用户评分,沉淀使用数据,定期分析并输出改进建议。包含技能健康度检查、最佳实践沉淀、标准化评分卡等功能。🔒 只读分析,不修改任何技能文件。
⭐ 0· 258·1 current·1 all-time
byLucius.C@luciuscao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (skill polishing, feedback, health checks) match the included scripts and SKILL.md. The code reads SKILL.md and scripts from ~/.openclaw/workspace/skills/ and writes only to ~/.openclaw/workspace/.skill-polisher/, which is appropriate for a feedback/analysis tool.
Instruction Scope
SKILL.md and scripts consistently describe read-only analysis and local storage of suggestions. The runtime instructions instruct the agent to run local Python scripts (collect-feedback, health-report, polish-suggest, etc.) against skills in the workspace. There is no code that tries to access remote endpoints or unrelated system paths. Note: collect-feedback enforces that a skill must be in the tracking list unless --force is used; polish-suggest attempts to call functions (e.g., get_all_skills from health-report) that may not exist at runtime (functional bug), so some commands may error.
Install Mechanism
No install spec — instruction-only with bundled scripts. Nothing is downloaded or written outside the declared .skill-polisher data directory and the workspace skills directory.
Credentials
No environment variables, no external credentials requested. File reads and writes are limited to the user's OpenClaw workspace (skills and a hidden .skill-polisher directory), which aligns with the stated purpose of local feedback collection and analysis.
Persistence & Privilege
always:false (default). The skill can be invoked autonomously by the agent (platform default) but does not declare forced inclusion. It writes only to its own data directory and does not attempt to modify other skills.
Assessment
This skill appears coherent: it only reads installed skills and stores feedback/analysis under ~/.openclaw/workspace/.skill-polisher/. It does not request credentials or network access. Before installing, consider: 1) confirm you are comfortable with the agent invoking the bundled scripts (they run locally and may prompt for interactive input when run without flags); 2) inspect the scripts if you want assurance that no external network calls are added later — currently there are none; 3) be aware of a functional bug: polish-suggest imports get_all_skills from health-report but that function is not defined there, so some commands may fail at runtime; 4) review tracking.json/expectation files if you want to control which skills are tracked (only tracked skills can collect feedback by default). Overall the behavior matches the description and there are no disproportionate permissions or hidden endpoints.Like a lobster shell, security has layers — review code before you run it.
latestvk971km0bnpq27sg929n4rtjr1182wpdh
License
MIT-0
Free to use, modify, and redistribute. No attribution required.