ClawHub

深度解析Skill技能,输出四部分报告:功能摘要、场景分析、流程图、评分点评,让你一眼看懂优秀技能背后的设计逻辑ub 链接。

v1.0.0

深度解析技能包,输出四部分报告:摘要+图、优劣势+图、流程图、评分。 触发词:分析技能、帮我看看这个技能、这个包是干嘛的、拆解技能、 这个skill怎么用、看看这个skill、解读技能。 支持上传文件、粘贴链接、提供本地路径。

0· 53·0 current·0 all-time
byJue@opengjun
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the runtime instructions: the skill analyzes uploaded skill packages, looks for SKILL.md/README, and produces ASCII/Mermaid diagrams and a four-part report. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
Instructions are narrowly scoped to reading a user-supplied package (download link, local path, or uploaded file) and extracting SKILL.md/skill.yaml/README. It explicitly says to decompress in-memory and only use specific files. Minor caution: allowing arbitrary local paths means a user could accidentally point the agent at sensitive local files; the spec does not show explicit checks to prevent reading paths outside the intended package.
Install Mechanism
No install spec and no code files — instruction-only skill. This is the lowest-risk category and consistent with the stated purpose.
Credentials
The skill requests no environment variables, secrets, or external credentials. That is proportionate to an analyzer whose inputs are user-provided files/links.
Persistence & Privilege
always is false and autonomous invocation is default. The skill does not request persistent/system-level privileges or to modify other skills; this is appropriate.
Assessment
This skill appears coherent and low-risk, but be cautious about what you upload or point it to. Only provide the skill package you want analyzed — avoid giving root or system paths. Do not upload archives that contain secrets (keys, tokens, passwords) unless you are willing to share them. Prefer direct uploads or vetted GitHub links rather than arbitrary HTTP links. Confirm with the agent if it intends to access any path you did not expect before proceeding. If you need extra assurance, request the analyzer run in a sandboxed environment or ask it to list files it will read before analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d2g5z69n7wh3km8grr6t89n84c7mp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments