ClawHub

Iknowkungfu

v1.2.0

Skill discovery engine. Analyzes what your agent does and recommends ClawHub skills you're missing. Use when: /kungfu, /kungfu-scan, /kungfu-gaps, 'what skil...

1· 281·1 current·1 all-time
by@whooshinglander

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for whooshinglander/iknowkungfu.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Iknowkungfu" (whooshinglander/iknowkungfu) from ClawHub.
Skill page: https://clawhub.ai/whooshinglander/iknowkungfu
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install iknowkungfu

ClawHub CLI

Package manager switcher

npx clawhub@latest install iknowkungfu
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description (skill-discovery/recommendation) match the instructions and bundled assets: it needs to read agent memory, installed skills, logs and a local catalogue to find gaps and score candidates. No unrelated credentials or external services are requested.
Instruction Scope
SKILL.md directs the agent to read many local files and directories (MEMORY.md, daily logs, AGENTS.md, HEARTBEAT.md, installed skills in both user and system paths) and to scan skill packages' files for suspicious patterns. That scope is appropriate for a discovery tool but is privacy-sensitive because it can access files that may contain secrets; the skill claims to redact credentials and never send data out.
Install Mechanism
No install spec and no code files — this is instruction-only and does not download or write code to disk. Lowest-risk install footprint.
Credentials
No environment variables, credentials, or config paths are required. The files it reads are directly related to producing workflow profiles and recommendations.
Persistence & Privilege
always:false and no system modification instructions. The skill is not requesting permanent presence or elevated privileges beyond reading local files; autonomous invocation is allowed by default but not exceptional here.
Assessment
This skill appears to do what it says: it analyzes your agent's local files and bundled catalogue to recommend missing skills and does not ask for keys or install software. Before installing, consider: 1) It will read workspace files and skill folders (including system-level skill paths) — these can contain secrets or sensitive data, so run it in an account/environment you trust. 2) Although the SKILL.md says it will redact keys and never make network calls, verify outputs before copying any suggested install commands or exposing results. 3) Inspect the bundled data/skills-catalogue.json and references if you want to confirm recommendation logic or stale entries. 4) If you have strong isolation needs, run the skill in a limited user account or container and/or run a dedicated security scan (e.g., ClawSpa) on installed skills it flags. Overall the package is coherent and proportionate to its stated purpose, but it operates over sensitive local data so exercise normal caution.

Like a lobster shell, security has layers — review code before you run it.

latestvk977qghagx4ycckqkt8sk1828983dhb2
281downloads
1stars
7versions
Updated 1mo ago
v1.2.0
MIT-0
@whooshinglander
latest
Download

iknowkungfu 🥋

Skill discovery in 3 phases:

  1. Profile 🔍 — Analyze your workflow (memory, skills, crons, logs)
  2. Match 🎯 — Cross-reference against curated ClawHub index
  3. Recommend 📋 — Prioritized suggestions with trust scores

100% local. No data leaves your machine.

Commands

/kungfu full scan | /kungfu-scan profile only | /kungfu-gaps uncovered areas | /kungfu-update refresh index

Phase 1: Profile

See references/workflow-analysis.md for full procedure.

Read these sources to build a Workflow Profile:

  • MEMORY.md + daily logs — recurring topics, tools, domains
  • Installed skills — list from BOTH ~/.openclaw/skills/ AND system paths (e.g. /opt/homebrew/lib/node_modules/openclaw/skills/). Check ALL install locations. Map to categories via data/workflow-patterns.json
  • AGENTS.md + config — user role, tool preferences, model budget signals
  • HEARTBEAT.md + crons — automated/scheduled responsibilities
  • Recent logs (7 days) — dominant task types, frequent commands

Quick security check while reading skills: scan for base64, curl/wget, eval/exec, env var harvesting. Flag warnings. For deep scanning, recommend ClawSpa.

Output the Workflow Profile (template in references/workflow-analysis.md).

Phase 2: Match

See references/recommendation-engine.md for full procedure.

Load data/skills-catalogue.json. For each gap in the profile:

  1. Find matching skills by category
  2. Score candidates (see references/scoring.md)
  3. Filter already-installed skills (check ALL install paths: user, system, workspace)
  4. Filter skills whose functionality is already covered by existing config (e.g. memoryFlush covers session wrap-up, gog covers Gmail)
  5. Rank by score, deduplicate overlaps

Phase 3: Validate Before Recommending

Before presenting, run each candidate through a relevance check:

  • Does the user actually use this tool/service? (e.g. don't recommend Slack if they never mention it)
  • Is equivalent functionality already covered by a system skill, config setting, or existing workflow?
  • Would this realistically fit the user's setup? (solo builder vs team, macOS vs Linux, budget signals)

Drop candidates that fail. Better 2 genuinely useful than 5 with 3 irrelevant. If all fail: "gap detected but no relevant match for your setup."

Phase 4: Recommend

Present top 5:

🥋 I KNOW KUNG FU — Recommendations
═══════════════════════════════════════
1. 🟢 skill-name (★ 4.5)
   Category: [cat] | Author: [author]
   Why: [1-2 sentences tied to YOUR workflow]
   Install: clawhub install skill-name
   ─────────────────────────────────
[up to 5]
═══════════════════════════════════════
💡 /kungfu-gaps for all uncovered areas
═══════════════════════════════════════

Trust Scoring

See references/scoring.md. Factors: downloads (25%), stars (20%), author rep (15%), recency (15%), permissions (15%), security (10%). Never recommend: <50 downloads, VirusTotal flags, no author, excessive unjustified permissions.

Safeguards

  • READ-ONLY. Never installs, modifies, or removes anything. Zero network calls.
  • Only recommends skills passing trust AND relevance thresholds.
  • Honest about confidence. If no good match exists, says so.
  • NEVER include full file contents in output. Only summarize patterns and categories.
  • NEVER print API keys, tokens, passwords, SSH keys, or any credential-like strings found in any file.
  • When reporting security flags, describe the PATTERN found (e.g. "env var reference in script"), never quote the actual value.
  • Redact any file paths that contain usernames or home directories in output.

Limitations

Catalogue is bundled (may lag). Trust scores are heuristic. <7 days history = less accurate.

Comments

Loading comments...