ClawHub

Find Skills - 查找技能

v1.0.2

用 find_skills.py 在 ClawHub 搜索或列举已装技能,支持 JSON 输出。当用户说:ClawHub 上有没有天气技能、我本地装了哪些 skill,或类似技能发现问题时,使用本技能。

3· 146·0 current·0 all-time
by极速数据@jisuapi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (find/list/search installed skills on ClawHub) match the code and SKILL.md. The script calls the clawhub CLI and the ClawHub HTTP API for details and scans the local OPENCLAW_SKILLS_DIR (~/.openclaw/workspace/skills) for SKILL.md files — all expected for this purpose.
Instruction Scope
Runtime instructions and the script's behavior stay within scope: parsing user queries, calling 'clawhub' for search/list/inspect, optionally fetching ClawHub API details, and scanning local skill directories for SKILL.md. It does read OPENCLAW_SKILLS_DIR and NO_COLOR env vars (documented) and uses subprocess.run to invoke clawhub; these are necessary for functionality.
Install Mechanism
There is no install spec; the skill is instruction-only with a Python script included. No downloads or archive extraction are performed by an installer. This is a low-risk install footprint.
Credentials
The skill declares no required environment variables or credentials. It optionally reads OPENCLAW_SKILLS_DIR to locate local skills and NO_COLOR for output; both are reasonable and documented. It does not request secrets or unrelated cloud credentials.
Persistence & Privilege
always is false and the skill does not request persistent or elevated privileges. It does not modify other skills' configurations. It can invoke the clawhub CLI and make HTTP requests, which is appropriate for its function.
Assessment
This skill is coherent with its stated purpose, but review the following before installing or allowing autonomous invocation: 1) It executes the local 'clawhub' CLI via subprocess.run — ensure the clawhub binary on your PATH is trusted (a malicious clawhub could do anything). 2) It performs network requests to https://clawhub.ai (fetching skill metadata); if you are in a high-security environment, be aware this transmits queried slugs/requests to that service. 3) The script scans your local skills directory (default ~/.openclaw/workspace/skills) for SKILL.md files; ensure no sensitive data is stored there if you plan to have this skill send results externally. 4) The 'install' subcommand can execute actual installs when invoked with --execute — treat that like running a package manager/installer. If unsure, run the script locally to inspect output and behavior before allowing agent-autonomous use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97byt9srxr9d79gv344mah901845ch2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔎 Clawdis
Binspython3

Comments