ClawHub

Agent Advisor

v0.1.1

模型推荐 + OpenClaw 安全系数分析工具。当用户询问"用哪个模型"、"推荐模型"、"适合什么模型"、"安全系数"、"openclaw 安全"、"根据历史"时触发。功能:(1) 根据历史会话自动分析任务类型并推荐最优的 Claude 模型(auto 模式),(2) 根据用户描述的任务推荐最优模型(recom...

0· 230·0 current·0 all-time
by@mrkangzubin·duplicate of @mrkangzubin/model-advisor
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (model recommendation + OpenClaw security analysis) matches the implementation: the script reads ~/.openclaw/openclaw.json, optional models.json, and recent session files to compute a security score and recommend Claude models. No unrelated services, binaries, or credentials are required.
Instruction Scope
SKILL.md and the runtime script instruct the agent to run the local Node script which reads local OpenClaw configuration and session history and prints results. The instructions reference only local OpenClaw paths and do not direct data to external endpoints or request unrelated system files. Note: reading session files means user messages are processed locally (privacy-sensitive but expected for the stated purpose).
Install Mechanism
There is no install spec or external download. The skill is implemented as a local Node script and is intended to be run with the system's node binary; nothing is written to disk by an installer. This is a low-risk install footprint.
Credentials
No environment variables or credentials are requested, which is appropriate. The script does read files under the user's home directory (~/.openclaw/*), including sessions.json/.jsonl and openclaw.json — these contain user conversation text and configuration and are necessary for the feature but are privacy-sensitive. The access is proportionate to the stated functionality.
Persistence & Privilege
The skill does not request persistent/always-on privileges, does not modify other skills, and does not require system-wide changes. Autonomous invocation is allowed by default but is not combined with other concerning privileges.
Assessment
This skill reads your OpenClaw configuration and recent session files in your home directory (~/.openclaw/openclaw.json, models.json, and session .jsonl files) to compute a security score and recommend models. That behaviour matches its description, but be aware the session files contain user messages (potentially sensitive). Before installing or running, you may: (1) inspect the full scripts/advisor.js file yourself (search for any 'http', 'fetch', 'net', or 'child_process' uses) to confirm there are no network exfiltration calls; (2) back up or redact sensitive sessions you don't want analyzed; and (3) ensure you trust the source since the script will read local chat contents. If you want extra caution, run the script in a restricted environment or inspect output locally rather than granting any additional credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk970pgjhjcjwqjqcxkww0gh1a182n4ah

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments