ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

All-skill-list

v1.0.0

本地扩展技能目录 - 聚合所有 OpenClaw 本地技能,支持列表查询、描述提取、缓存加速、差异对比、自动更新技能清单

0· 181·0 current·0 all-time
by@fantasywoc

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for fantasywoc/all-skill-list.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "All-skill-list" (fantasywoc/all-skill-list) from ClawHub.
Skill page: https://clawhub.ai/fantasywoc/all-skill-list
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install all-skill-list

ClawHub CLI

Package manager switcher

npx clawhub@latest install all-skill-list
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the actual behavior: the script scans ~/.openclaw/workspace/skills, extracts SKILL.md content, and can export JSON/Markdown. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
Runtime instructions and the script stay within the declared scope (filesystem scanning, caching, export). The script reads every SKILL.md it finds and can return full content — expected for this tool but means it will read arbitrary files under the skills tree (which may contain sensitive data).
Install Mechanism
No install spec or external downloads; this is an instruction-only skill with a bundled Python script. Nothing is pulled from the network during install.
Credentials
No environment variables or external credentials are requested; metadata points to the local skills directory and is consistent with the purpose.
Persistence & Privilege
Skill does not request always:true and only writes files under its own scripts directory (skills_cache.pickle, skills_export.json, all_skills.md). However it loads a pickle cache file from disk which introduces deserialization risks if that file is tampered with or replaced.
What to consider before installing
This skill appears to do exactly what it claims (aggregate and export local skills), but exercise caution before running it: - The script loads and writes a cache using Python's pickle. Untrusted pickle files can execute arbitrary code when loaded. If an attacker or other user can modify ~/.openclaw/workspace/skills/all-skill-list/scripts/skills_cache.pickle, running the script could run that code. - Before installing/running: inspect the script (scripts/skill-list.py) yourself and ensure the skills directory and the all-skill-list/scripts directory are writable only by you/trusted users. - If you want to reduce risk: delete any existing skills_cache.pickle before the first run, or modify the script to use JSON for cache storage instead of pickle (safer), or run the script in a restricted sandbox/container. - Be aware the tool will read the full contents of SKILL.md files across your skills tree (and can export them). Don’t place secrets or sensitive tokens in those files. I rate this suspicious (not outright malicious) because the core functionality is coherent but the use of pickle for caching and reading/writing files under the skills tree are legitimate design choices that carry tangible security risks if files are tampered with. If you can verify the script and control file permissions, the risk is much lower.

Like a lobster shell, security has layers — review code before you run it.

latestvk970aew8qff85ka116699afchd837984
181downloads
0stars
1versions
Updated 22h ago
v1.0.0
MIT-0
@fantasywoc
latest
Download

📚 Skill-List - 本地扩展技能目录(智能缓存版)

🦀️ 功能介绍

本技能是 OpenClaw 本地技能的聚合管理工具,核心能力:

  • ✅ 扫描 ~/.openclaw/workspace/skills 目录下所有本地技能
  • ✅ 自动提取每个技能的名称、功能描述、存储路径
  • ✅ 基于 Pickle 缓存加速查询,避免重复全量扫描
  • ✅ 智能对比目录变化:仅当技能增/删时更新缓存,无变化直接返回缓存
  • ✅ 支持多种输出格式:简单列表、半详细、全详细、JSON、Markdown
  • ✅ 支持多种信息详细级别:simple(简单)、half(半详细)、all(完整)

🎯 使用方式

1. 查看所有技能列表(自动使用缓存)

bash python3 ~/.openclaw/workspace/skills/all-skill-list/scripts/skill-list.py -V simple

2. 强制刷新缓存(无视缓存,重新扫描)

‵‵·bash python3 ~/.openclaw/workspace/skills/all-skill-list/scripts/skill-list.py --force

3. 查看完整技能信息

#显示简单信息

python3 ~/.openclaw/workspace/skills/all-skill-list/scripts/skill-list.py -V simple

#显示完整SKILL.md内容

python3 ~/.openclaw/workspace/skills/all-skill-list/scripts/skill-list.py -V all

#显示一半信息

python3 ~/.openclaw/workspace/skills/all-skill-list/scripts/skill-list.py -V half

4. 导出格式

bash 导出为JSON格式

python3 ~/.openclaw/workspace/skills/all-skill-list/scripts/skill-list.py --json

导出为Markdown格式

python3 ~/.openclaw/workspace/skills/all-skill-list/scripts/skill-list.py --md

5. 组合使用

bash 强制刷新并显示完整信息

python3 ~/.openclaw/workspace/skills/all-skill-list/scripts/skill-list.py -f -V all

显示完整信息并导出为JSON

python3 ~/.openclaw/workspace/skills/all-skill-list/scripts/skill-list.py -V all --json

📊 显示级别说明

级别参数显示内容示例
简单-V simple技能名称、状态图标1. ✅ skill-name
半详细-V half名称、状态、一半描述、路径显示描述前200字符
完整-V all名称、状态、完整描述、路径显示完整SKILL.md内容

📝 核心工作流程

OpenClaw 调用本技能时,执行以下逻辑:

  1. 读取本地技能根目录:~/.openclaw/workspace/skills
  2. 检查缓存文件:~/.openclaw/workspace/skills/all-skill-list/scripts/skills_cache.pickle
  3. 对比缓存中记录的技能目录列表与当前实际目录
    • 目录无变化 → 直接读取并返回缓存内容
    • 目录有变化 → 重新扫描所有技能 → 更新缓存 → 返回新结果
  4. 支持通过 --force 参数跳过对比,强制刷新缓存
  5. 支持通过 -V 参数控制输出详细程度

📂 缓存与导出文件说明

文件格式用途路径
skills_cache.picklePickle主缓存文件,加快查询速度all-skill-list/scripts/
skills_export.jsonJSON导出数据,供其他程序使用all-skill-list/scripts/
all_skills.mdMarkdown技能总览文档,包含所有技能描述all-skill-list/scripts/

🔧 完整命令行参数

基本参数
用法: python skill-list.py [选项]

选项:
  -f, --force        强制重新扫描
  -v, --verbose      显示详细信息
  -V 级别            显示级别: all(全部)/half(一半)/simple(简单)
  --json             导出为JSON格式
  --md               导出为Markdown格式
  --no-repair        关闭自动修复功能
  --debug            显示调试信息
  -h, --help         显示帮助

自动修复功能:
  当技能的描述为空、路径不存在或信息不完整时,会自动尝试重新获取
  默认开启,可使用 --no-repair 关闭

示例: python3 skill-list.py # 简单列表 python3 skill-list.py -V all # 显示完整信息 python3 skill-list.py --no-repair # 关闭自动修复 python3 skill-list.py -f -V all # 强制刷新并显示全部

🎪 使用示例

示例1:快速查看所有技能

bash python3 skill-list.py

输出:

🔍 扫描OpenClaw技能... 📊 OpenClaw技能列表 (共 8 个)

  1. ✅ skill-1
  2. ✅ skill-2
  3. ❌ skill-3 📈 统计: 6/8 个技能有SKILL.md文件

示例2:查看技能完整描述

bash python3 skill-list.py -V all

输出每个技能的完整SKILL.md内容,便于了解技能详情。

示例3:导出技能库文档

bash python3 skill-list.py --md

生成包含所有技能完整描述的Markdown文档,便于分享和查阅。

示例4:与其他系统集成

bash python3 skill-list.py --json > skills.json

导出为JSON格式,便于被其他程序或工具读取。

📁 目录结构

~/.openclaw/workspace/skills/ ├── skill-1/ # 技能1 │ └── SKILL.md ├── skill-2/ # 技能2 │ └── SKILL.md └── all-skill-list/ # 当前技能 ├── SKILL.md # 本文件 └── scripts/ ├── skill-list.py # 主脚本 ├── skills_cache.pickle # 缓存文件 ├── skills_export.json # JSON导出文件 └── all_skills.md # Markdown导出文件

🔄 缓存机制

  1. 智能检测:通过对比技能目录列表变化,决定是否更新缓存
  2. 增量更新:只有技能增删时才重新扫描,提高效率
  3. 手动刷新:支持--force参数强制重新扫描
  4. 缓存格式:使用Pickle格式存储,同时支持JSON导出

📅 更新日志

日期版本说明
2026-03-13v1.0初版:基础技能列表查询功能
                  新增缓存加速、目录差异对比、JSON输出 |
                  增加-V参数控制显示级别,支持all/half/simple三种模式 |
                  添加--json和--md导出功能,完善帮助文档 |

🆕 新功能亮点

  1. 灵活的信息显示:通过-V参数控制输出详细程度
  2. 多格式导出:支持JSON和Markdown导出
  3. 智能缓存:自动检测变化,减少不必要的扫描
  4. 完整文档:可生成包含所有技能的详细文档
  5. 易于集成:JSON格式便于与其他工具集成

注意:本技能会自动排除自身目录(all-skill-list),避免递归扫描问题。所有路径均基于脚本所在位置动态计算,确保在不同环境下都能正常工作。

最后更新:2026-03-20

Comments

Loading comments...